Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #108000: azure_file: add namespace tests for InTree to CSI #108601

Merged
merged 2 commits into from Apr 26, 2022
Merged

Automated cherry pick of #108000: azure_file: add namespace tests for InTree to CSI #108601

merged 2 commits into from Apr 26, 2022

Conversation

andyzhangx
Copy link
Member

Cherry pick of #108000 on release-1.22.

#108000: azure_file: add namespace tests for InTree to CSI

For details on the cherry pick process, see the cherry pick requests page.

@RomanBednar @andyzhangx
azure_file: add namespace tests for InTree to CSI conversion
bbae30b 
When translating InTree pv to CSI pv we use default secret namespace
when it's not found in the InTree pv.

Using the default is not ideal for several reasons:
1) it can result in failed pod creation after users migrate to cluster
with CSI enabled because the existing intree pvs might not have the
namespace defined. In that case the "default" is used and mount fails
because secret could not be found.

2) falling back to "default" namespace can result in referencing a
secret from different namespace which is a security risk

However, there is another object we can use to determine correct
namespace which presence can be safely assumed - ClaimRef. Mounting a
volume is done only through a PVC which is bound. Binding adds ClaimRef
to PV and finally the volume gets mounted which is where the
translation code is used.
@RomanBednar @andyzhangx
azure_file: try to get secret namespace from ClaimRef
85b5bce 
This is the actual fix - attempt to obtain a namespace from ClaimRef.
Or fail if namespace could not be found instead of using "default".
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone Mar 9, 2022
@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Mar 9, 2022
@andyzhangx
Copy link
Member Author

/priority important-soon
/sig cloud-provider
/area provider/azure
/triage accepted
/assign @msau42

@k8s-ci-robot k8s-ci-robot added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Mar 9, 2022
@k8s-ci-robot k8s-ci-robot added the sig/storage Categorizes an issue or PR as relevant to SIG Storage. label Mar 9, 2022
@k8s-ci-robot k8s-ci-robot added sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. area/provider/azure Issues or PRs related to azure provider triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-priority Indicates a PR lacks a `priority/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Mar 9, 2022
@jsafrane
Copy link
Member

jsafrane commented Mar 9, 2022

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 9, 2022
@msau42
Copy link
Member

msau42 commented Mar 10, 2022

/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 10, 2022
@jsafrane
Copy link
Member

/retest

@andyzhangx
Copy link
Member Author

/kind bug

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Mar 29, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. label Mar 29, 2022
@andyzhangx
Copy link
Member Author

/test pull-kubernetes-e2e-capz-azure-file
/test pull-kubernetes-e2e-capz-azure-file-vmss

@andyzhangx
Copy link
Member Author

/retest

1 similar comment
@andyzhangx
Copy link
Member Author

/retest

@andyzhangx
Copy link
Member Author

@cpanato could you approve? thanks.

cpanato
cpanato approved these changes Apr 26, 2022
View reviewed changes
Copy link
Member

@cpanato cpanato left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@cpanato cpanato added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Apr 26, 2022
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Apr 26, 2022
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andyzhangx, cpanato, msau42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@bridgetkromhout
Copy link
Member

/retest

@k8s-ci-robot k8s-ci-robot merged commit 12f1e51 into kubernetes:release-1.22 Apr 26, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cpanato cpanato cpanato approved these changes

@ddebroy ddebroy Awaiting requested review from ddebroy

@leakingtapan leakingtapan Awaiting requested review from leakingtapan

Assignees

@jsafrane jsafrane

@cpanato cpanato

@msau42 msau42

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/provider/azure Issues or PRs related to azure provider cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. sig/storage Categorizes an issue or PR as relevant to SIG Storage. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
v1.22
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@andyzhangx @jsafrane @msau42 @k8s-ci-robot @bridgetkromhout @cpanato @RomanBednar