Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

rkt: Improve support for privileged pod (pod whose all containers are privileged) #31286

Merged
merged 2 commits into from
Aug 25, 2016
Merged

rkt: Improve support for privileged pod (pod whose all containers are privileged) #31286

merged 2 commits into from
Aug 25, 2016

Conversation

yifan-gu
Copy link
Contributor

@yifan-gu yifan-gu commented Aug 23, 2016
edited by k8s-oncall

Fix #31100

This takes advantage of rkt/rkt#2983 . By appending the new --all-run insecure-options to rkt run-prepared command when all the containers are privileged. The pod now gets more privileged power.

This change is Reviewable

@yifan-gu yifan-gu added this to the rktnetes-v1.1 milestone Aug 23, 2016
@yifan-gu yifan-gu added the release-note-none Denotes a PR that doesn't merit a release note. label Aug 23, 2016
@k8s-github-robot k8s-github-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Aug 23, 2016
@euank
Copy link
Contributor

euank commented Aug 23, 2016

Perhaps we should also update the minimum required version to reflect this (though I believe the failure scenario is just that the feature will gracefully degrade into all capabilities).

Reviewed 1 of 1 files at r1, 1 of 1 files at r2.
Review status: all files reviewed at latest revision, all discussions resolved, some commit checks failed.

Comments from Reviewable

@yifan-gu
Copy link
Contributor Author

@euank Updated the version.

@k8s-github-robot k8s-github-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 23, 2016
This was referenced Aug 23, 2016
Closed
Closed
@k8s-github-robot
Copy link

@yifan-gu
You must link to the test flake issue which caused you to request this manual re-test.
Re-test requests should be in the form of: k8s-bot test this issue: #<number>
Here is the list of open test flakes.

@euank
Copy link
Contributor

euank commented Aug 23, 2016

:lgtm:

Last nit is that this could be a release note / bug-fix label, though it doesn't completely fix the bug, it is a step in the right direction.
Feel free to have an opinion on whether this is action-required (rkt upgrade). I think we can not add action-required notes yet given the overall status of rkt integration, but feel free to disagree.

Reviewed 2 of 2 files at r3.
Review status: all files reviewed at latest revision, all discussions resolved.

Comments from Reviewable

@yifan-gu yifan-gu added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Aug 24, 2016
@yifan-gu
Copy link
Contributor Author

@euank I was also thinking about adding release-note. Thanks!

@yifan-gu yifan-gu added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Aug 24, 2016
@yifan-gu yifan-gu modified the milestones: v1.4, rktnetes-v1.1 Aug 24, 2016
@tmrts
Copy link
Contributor

tmrts commented Aug 24, 2016

@yifan-gu LGTM 👍

Are we not adding a release note? I couldn't see it

@pwittrock
Copy link
Member

@tmrts @yifan-gu What is the relationship between this and the feature freeze (8/22)? Same question for #30513. Is this fora feature or a bug fix?

@euank
Copy link
Contributor

euank commented Aug 24, 2016

@pwittrock I would consider this a bugfix in that it improves the state of a known issue with the rkt integration. I would consider #30513 feature-work.

@pwittrock
Copy link
Member

@euank Thanks for that clarification. I will follow up on #30513 separately.

@k8s-bot
Copy link

k8s-bot commented Aug 25, 2016

GCE e2e build/test passed for commit 173dbd7.

@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 6901a00 into kubernetes:master Aug 25, 2016
@yifan-gu yifan-gu deleted the rkt_privileged branch August 25, 2016 18:35
@euank euank mentioned this pull request Sep 3, 2016
Merged
k8s-github-robot pushed a commit that referenced this pull request Sep 7, 2016
Merge pull request #32020 from euank/version-twiddling
243959c 
Automatic merge from submit-queue

rkt: Update kube-up rkt version to v1.14.0

cc @kubernetes/sig-rktnetes 

This should have been included in #31286 (whoops).

This is a bugfix that I propose for v1.4 inclusion.
pwittrock pushed a commit that referenced this pull request Sep 13, 2016
@eparis
Merge pull request #32020 from euank/version-twiddling
d4e632a 
Automatic merge from submit-queue

rkt: Update kube-up rkt version to v1.14.0

cc @kubernetes/sig-rktnetes

This should have been included in #31286 (whoops).

This is a bugfix that I propose for v1.4 inclusion.
(cherry picked from commit 243959c)
shyamjvs pushed a commit to shyamjvs/kubernetes that referenced this pull request Dec 1, 2016
@eparis
Merge pull request kubernetes#32020 from euank/version-twiddling
0e6438d 
Automatic merge from submit-queue

rkt: Update kube-up rkt version to v1.14.0

cc @kubernetes/sig-rktnetes

This should have been included in kubernetes#31286 (whoops).

This is a bugfix that I propose for v1.4 inclusion.
(cherry picked from commit 243959c)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@euank euank

@tmrts tmrts

Labels
lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.4
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@yifan-gu @euank @k8s-github-robot @tmrts @pwittrock @k8s-bot @googlebot