-
Notifications
You must be signed in to change notification settings - Fork 39.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
flexvolume: rework for the new volume controller design #26926
Conversation
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
2 similar comments
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
Can one of the admins verify that this patch is reasonable to test? If so, please reply "ok to test". This message may repeat a few times in short succession due to jenkinsci/ghprb-plugin#292. Sorry. Otherwise, if this message is too spammy, please complain to ixdy. |
@k8s-bot ok to test |
Thanks for jumping on this @MikaelCluseau |
A few notes:
|
That's a bit of a nasty tangle. You'll need to know the namespace this is being attached for. |
Let me elaborate on my last comment:
|
On 06/08/2016 03:33 AM, Paul Morie wrote:
I understand, but FlexVolume currently have this feature of putting a
History showed that I don't always have all to alternatives in mind, but |
Thanks for jumping in @MikaelCluseau. I was on a short vacation. Just catching up on github. Since you already started this exercise, I can help you review and verify it. |
Plugins inferring namespace from pod to fetch secrets is problematic. Between the options @MikaelCluseau listed:
Agreed that sticking the namespace in
This is equally bad/good as 1.
This would work but it is super hacky. I say no.
Discarding the feature is an option for Flex for the reason you stated. But other plugins like rbd have the same issue, so we need to solve it. There is a 5th option: Modify the API by to have |
On 06/09/2016 08:40 AM, Chakravarthy Nelluri wrote:
Thanks, that's good for me because I'm an occasionnal contributor and |
On 06/09/2016 08:48 AM, Saad Ali wrote:
I agree it looks like the correct way. The only drawback I can see here |
I spoke with @thockin offline. He had a good point which is because these secret references are inside a volume definition that is ultimately referenced by a Pod, LocalObjectReference is the correct way to reference the secret. The user should not have to respecify the namespace it should be the same namespace as the pod. Also the user should not be able to reference a secret from a different namespace than the pod namespace. I agree with these points. Therefore, I say let's go with #2 for now. @pmorie, speak up if you disagree. |
Just saw your comment @MikaelCluseau. Yes, we are in agreement. Either 1 or 2 are fine with me. If @pmorie is ok with it, could you implement one of these approaches? |
Thanks @saad-ali I like it too. The final consumer is Pod and works for our flex volume use case too. |
On 06/09/2016 10:04 AM, Saad Ali wrote:
Sure, I'll do whatever is needed to get at least FlexVolume to this |
Awesome, 1 is fine with me. Let's go with that. If @pmorie has beef, we'll deal with it 👊 😆 |
On 06/09/2016 10:34 AM, Saad Ali wrote:
okay ;-) I'm adding PodNamespace and PodName as the pod's name was used |
On 06/09/2016 02:00 PM, Mikaël Cluseau wrote:
and the PodUID... because of func (f *flexVolumeMounter) GetDeviceMountPath(spec *volume.Spec) string { |
4a9b0cd
to
ee932f4
Compare
94b4935
to
a4a7bae
Compare
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. Once you've signed, please reply here (e.g. "I signed it!") and we'll verify. Thanks.
If you have questions or suggestions related to this bot's behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.
|
Jenkins GCE e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins GCI GKE smoke e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins kops AWS e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins unit/integration failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins GCI GCE e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins Kubemark GCE e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins GCE etcd3 e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins CRI GCE Node e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins GKE smoke e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins GCE Node e2e failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
Jenkins verification failed for commit a4a7bae. Full PR test history. The magic incantation to run this job again is |
@MikaelCluseau PR needs rebase |
[APPROVALNOTIFIER] Needs approval from an approver in each of these OWNERS Files: We suggest the following people: |
Will be merged as part of #41804. |
This change is