New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Promote RunAsGroup to GA #94641
Promote RunAsGroup to GA #94641
Conversation
/sig auth |
pkg/features/kube_features.go
Outdated
@@ -700,7 +700,7 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS | |||
CSIMigrationAzureFileComplete: {Default: false, PreRelease: featuregate.Alpha}, | |||
CSIMigrationvSphere: {Default: false, PreRelease: featuregate.Beta}, | |||
CSIMigrationvSphereComplete: {Default: false, PreRelease: featuregate.Beta}, | |||
RunAsGroup: {Default: true, PreRelease: featuregate.Beta}, | |||
RunAsGroup: {Default: true, PreRelease: featuregate.GA}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
when moving features to GA, we should:
- set
LockToDefault: true
and add a comment tracking removal in 2 releases (1.22 in this case) - remove checks for
.Enabled(features.RunAsGroup)
(since it is locked to true) - ensure API docs no longer indicate it is a beta feature (I think this is already done for this field)
- ensure e2e test coverage exists
pkg/features/kube_features.go
Outdated
@@ -249,7 +249,7 @@ const ( | |||
CRIContainerLogRotation featuregate.Feature = "CRIContainerLogRotation" | |||
|
|||
// owner: @krmayankk | |||
// beta: v1.14 | |||
// ga: v1.20 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
leave the beta line as-is to make it easy to see the history, and add the GA line
/cc @mrunalp (Mrunal was interested to help with this in this doc: https://docs.google.com/document/d/1-NNfuFMh246_ujQpYBCldLQ9hmqEbukaa79Xe1WGwdQ/edit#) |
👍 |
c151427
to
ab0a3f0
Compare
@krmayankk as part of the GA process, can you please also help with the following:
LMK if you need some help with these. Thank you! |
thanks will do |
86845d8
to
eec6e4f
Compare
is there an e2e test for this that should be promoted to a (Linux-only?) conformance test as part of this? |
i see these two e2e tests which are Linux-only and agree, they shouuld be part of conformance. How do you make a test part of conformance @liggitt ? |
/test pull-kubernetes-e2e-gce-ubuntu-containerd |
7c692e1
to
cef8ff4
Compare
opened a PR to make RunAsGroup part of Conformance @liggitt @tallclair @BenTheElder FYI |
the kep with prr just merged kubernetes/enhancements#1974 , can you take another look @liggitt @tallclair and tell me what else is needed. Also i have opened a PR for making these tests part of conformance, which will merge after this gets in |
pkg/features/kube_features.go
Outdated
@@ -208,7 +208,8 @@ const ( | |||
CRIContainerLogRotation featuregate.Feature = "CRIContainerLogRotation" | |||
|
|||
// owner: @krmayankk | |||
// beta: v1.14 | |||
// beta: v1.14 | |||
// ga: v1.22 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can we get this in v1.21?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the KEP is actually assigned to 1.21: kubernetes/enhancements#213
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
correct, do i just need to fix this item here to say ga: 1.21
? Who owns reviewing this ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, it should say 1.21. Any feature approver can review this file.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@@ -51,11 +48,9 @@ func (f *simpleStrategyFactory) CreateStrategies(psp *policy.PodSecurityPolicy, | |||
} | |||
|
|||
var groupStrat group.GroupStrategy | |||
if utilfeature.DefaultFeatureGate.Enabled(features.RunAsGroup) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't we keep this until the feature flag is removed in 1.22?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is example shows that it is not needed: #94140 Flag stays to make sure kubelet starts with this flag set
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So no action required from me right ?
/retest |
/approve |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
/retest |
/approve |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: dims, krmayankk, liggitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/kind feature
What this PR does / why we need it:
promote this feature to GA for 1.20 kubernetes/enhancements#213
API is unchanged
Which issue(s) this PR fixes:
Fixes #kubernetes/enhancements#213
Special notes for your reviewer:
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: