KEP-2535: retarget alpha in 1.31 and update to readd the disk check #4693
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
kind/kep
There was a problem hiding this comment.
based on prior feedback kubernetes/kubernetes#114847 (comment) - there was a request to consider splitting up the config items, one to specify the duration for rechecking, and another for whether or not cross pod checking is enabled on the node.
k8s-ci-robot
added
size/L
Thanks for the reminder! I have updated it |
k8s-ci-robot
added
size/M
k8s-ci-robot
added
size/L
| when the feature gate is on the second pod will receive an error message, where | ||
| before and with the feature gate off the second pod would be able to use the image | ||
| pulled with credentials by the first pod. | ||
| For the `Never` policy, the behavior also must change. Otherwise, a user who wishes to use the image of another pod could just use `Never` and hope |
There was a problem hiding this comment.
note to a reviewer: this is a net-new aspect of this KEP, PTAL
|
I reworked the summary @mikebrow PTAL |
|
Since PRR approval was nearly 3 years ago, I am sure the PRR questions have a few new ones since then. Please sync up with the latest template. Also, glancing through it, rather than saying "see above" for the "default behavior" question, can you call out the significant user-visible default behavior changes? Something like "some pods may begin to see errors if they do not have imagePullSecrets defined under such-and-such conditions". Also "going back to works as designed" is not very clear for the question on disablement. Maybe something like "pods will be able to use images without verifying their access to secrets" or something a little more complete. May I also suggest you add a metric NOW, with the feature gate DISABLED, which identifies which Pods would have had an error, if the feature gate were enabled. This allows admins to see if they will get errors in their clusters, before they even anbel the feature gate. |
|
/hold for PRR question updates |
k8s-ci-robot
added
the
do-not-merge/hold
…uration flag to define different behaviors" This reverts commit b14b2ee. As the suggestion to drop the persist caused it to be blocked at code merge in 1.30. Reintroduce the cache concept Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
…be added Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
Signed-off-by: Peter Hunt <[email protected]>
haircommander
force-pushed
the
2535-alpha
branch
from
93dec15 to
7abe3dd
Compare
|
thanks @johnbelamaric! I checked and didn't see any PRR sections that had changed since this was filled out. I updated based on some of your feedback and embellished generally, PTAL |
|
/approve for PRR I am leaving the hold on for SIG approval. Once there is SIG approval, you can release the hold. |
k8s-ci-robot
added
the
approved
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: haircommander, johnbelamaric, mikebrow, mrunalp The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/lgtm |
k8s-ci-robot
removed
the
do-not-merge/hold
k8s-ci-robot
added
the
lgtm
6 participants
Ensure secret pulled images #2535