Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KEP-3619: Add NodeStatus.Features.SupplementalGroupsPolicy API and e2e #125470

Merged
merged 5 commits into from
Jul 16, 2024
Merged

KEP-3619: Add NodeStatus.Features.SupplementalGroupsPolicy API and e2e #125470

merged 5 commits into from
Jul 16, 2024

Conversation

everpeace
Copy link
Contributor

@everpeace everpeace commented Jun 12, 2024
edited
Loading

Depended by:

What this PR does / why we need it:

KEP: kubernetes/enhancements#3619
KEP PR for the API changes: kubernetes/enhancements#4728

  • Add NodeFeatures.SupplementGroupsPolicy in kubernetes api
  • Add RuntimeFeatures.SupplementalGroupsPolicy in cri-api
  • Implements e2e test for this KEP
    • the test will skip when the feature is not supported in Node.Status.Features.SupplementalGroupsPolicy

Special notes for your reviewer:

#117842 implemented API/CRI and k/k logics for this KEP. But, it didn't include E2E test. Moreover, I also realized cri-tools's my working PR(kubernetes-sigs/cri-tools#1438) is difficult to merge because critest's CI depends on containerd's previous versions.

Because the core logic for this KEP is implemented in container runtimes, E2E should detect whether the feature is supported or not at CRI level so that we can implement safe E2E which can gracefully skip it when the runtime does not support this feature. To do this, this PR added feature fields in RuntimeHandlerFeature both in CRI and kubernetes API.

Once the container runtime in E2E gets bumped and it supports this feature, the E2E for this KEP will be automatically activated.

Does this PR introduce a user-facing change?

Added Node.Status.Features.SupplementalGroupsPolicy field which is set to true when the feature is implemented in the CRI implementation (KEP-3619)

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/3619-supplemental-groups-policy

@k8s-ci-robot
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. area/code-generation area/kubelet area/test kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 12, 2024
@everpeace

This comment was marked as off-topic.

Sign in to view
@everpeace

This comment has been minimized.

Sign in to view
@everpeace everpeace marked this pull request as ready for review June 13, 2024 07:24
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 13, 2024
@everpeace

This comment was marked as outdated.

Sign in to view
@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jun 13, 2024
mrunalp
mrunalp reviewed Jul 15, 2024
View reviewed changes
pkg/apis/core/types.go Outdated
@@ -4914,6 +4916,15 @@ type NodeRuntimeHandler struct {
Features *NodeRuntimeHandlerFeatures
}

// NodeFeatures describes the set of features implemented by the CRI implementation.
// The features contained in the NodeFeatures should depend on only cri implementation, be independent of runtime handlers,
// (i.e. it should not require inspecting any information from the OCI runtime-spec's features).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same as my previous comment in the API description.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in

mrunalp
mrunalp reviewed Jul 15, 2024
View reviewed changes
pkg/kubelet/container/runtime.go Outdated
@@ -556,6 +556,8 @@ type RuntimeStatus struct {
Conditions []RuntimeCondition
// Handlers is an array of current available handlers
Handlers []RuntimeHandler
// Features is the set of features implmented by the runtime
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

typo: implemented

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks! Fixed in f46ecf5

mrunalp
mrunalp reviewed Jul 15, 2024
View reviewed changes
pkg/kubelet/container/runtime.go Outdated
SupplementalGroupsPolicy bool
}

// String formats the runtime condition into human readable string.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

into a human

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fixed in f46ecf5

mrunalp
mrunalp reviewed Jul 15, 2024
View reviewed changes
staging/src/k8s.io/api/core/v1/types.go Outdated
// NodeRuntimeHandlerFeatures is a set of runtime features.
// NodeRuntimeHandlerFeatures is a set of features implemented by the runtime handler.
// The features contained in the NodeRuntimeHandlerFeatures should depend on the runtime handlers,
// (i.e. dependent to the information exposed by the OCI runtime-spec's features).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in

mrunalp
mrunalp reviewed Jul 15, 2024
View reviewed changes
staging/src/k8s.io/api/core/v1/types.go Outdated
@@ -5891,6 +5893,15 @@ type NodeRuntimeHandler struct {
Features *NodeRuntimeHandlerFeatures `json:"features,omitempty" protobuf:"bytes,2,opt,name=features"`
}

// NodeFeatures describes the set of features implemented by the CRI implementation.
// The features contained in the NodeFeatures should depend on only cri implementation, be independent of runtime handlers,
// (i.e. it should not require inspecting any information from the OCI runtime-spec's features).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 16, 2024
@everpeace everpeace force-pushed the kep-3619-SupplementalGroupsPolicy-e2e branch from b4006ce to 775f05d Compare July 16, 2024 03:11
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 16, 2024
everpeace added 5 commits July 16, 2024 12:11
@everpeace
KEP-3619: CRI: add RuntimeFeatures.SupplementalGroupsPolicy in Status…
38e4c6b 
…Response

KEP-3619: don't capitalize comment in CRI

KEP-3619: fix typos and grammatical ones in CRI

KEP-3619: rephrase RuntimeFeatures, RuntimeHandlerFeatures comment in CRI
@everpeace
KEP-3619: API: add NodeFeatures.SupplementalGroupsPolicy in NodeStatus
5d75660 
KEP-3619: don't capitalize comment in K8S API

KEP-3619: fix typos and grammatical ones in K8s API

KEP-3619: rephrase NodeFeatures, NodeHandlerFeatures in K8s API
@everpeace
KEP-3619: Wiring up from RuntimeFeatures.SupplementalGroupsPolicy(CRI…
f46ecf5 
…) to NodeFeatures.SupplementalGroupsPolicy(API)

KEP-3619: fix typos in pkg/kubelet/container/runtime.go
@everpeace
KEP-3619: implement e2e test for SupplementalGroupsPolicy
a89bb01
@everpeace
KEP-3619: should check supplementalGroupsPolicyInUse for oldNode in d…
1663223 
…ropDisabledFields for node
@everpeace everpeace force-pushed the kep-3619-SupplementalGroupsPolicy-e2e branch from 775f05d to 1663223 Compare July 16, 2024 03:36
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Jul 16, 2024
everpeace
everpeace commented Jul 16, 2024
View reviewed changes
Copy link
Contributor Author

@everpeace everpeace left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@mrunalp Thanks for your review! I addressed all your comments. And, I cleaned up my commits and rebased to the latest master.

PTAL🙇

mrunalp
mrunalp approved these changes Jul 16, 2024
View reviewed changes
Copy link
Contributor

@mrunalp mrunalp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jul 16, 2024
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: f26619eb4b2ebf9f17cbb87ffb35410f12d81053

@thockin
Copy link
Member

thockin commented Jul 16, 2024

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: everpeace, mrunalp, thockin

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jul 16, 2024
@k8s-ci-robot k8s-ci-robot merged commit fc3abda into kubernetes:master Jul 16, 2024
16 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.31 milestone Jul 16, 2024
@everpeace everpeace mentioned this pull request Jul 17, 2024
Merged
@everpeace everpeace deleted the kep-3619-SupplementalGroupsPolicy-e2e branch July 17, 2024 13:54
@everpeace everpeace mentioned this pull request Oct 7, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrunalp mrunalp mrunalp approved these changes

@andrewsykim andrewsykim Awaiting requested review from andrewsykim

@bart0sh bart0sh Awaiting requested review from bart0sh

@caesarxuchao caesarxuchao Awaiting requested review from caesarxuchao

@feiskyer feiskyer Awaiting requested review from feiskyer

@aojea aojea Awaiting requested review from aojea

@thockin thockin Awaiting requested review from thockin

@haircommander haircommander Awaiting requested review from haircommander

Assignees

@mrunalp mrunalp

@haircommander haircommander

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/code-generation area/kubelet area/test cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/node Categorizes an issue or PR as relevant to SIG Node. sig/testing Categorizes an issue or PR as relevant to SIG Testing. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
SIG Apps
Archived in project
SIG Node: code and documentation PRs
Archived in project
Milestone
v1.31
Development

Successfully merging this pull request may close these issues.
6 participants
@everpeace @k8s-ci-robot @k8s-triage-robot @thockin @haircommander @mrunalp