KEP-3314: adding beta PRR documentation#5877
Conversation
k8s-ci-robot
added
the
kind/kep
k8s-ci-robot
added
the
sig/storage
k8s-ci-robot
added
the
needs-ok-to-test
|
Hi @carlbraganza. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
k8s-ci-robot
added
size/M
|
/ok-to-test |
k8s-ci-robot
added
ok-to-test
carlbraganza
force-pushed
the
kep3314-beta
branch
from
ab59cb0 to
55efa98
Compare
carlbraganza
force-pushed
the
kep3314-beta
branch
from
55efa98 to
0495898
Compare
carlbraganza
force-pushed
the
kep3314-beta
branch
4 times, most recently
from
6f475d4 to
943a783
Compare
|
General comment: Please provide more details when you say "CSI driver specific." For e2e tests, please include links to the test files. |
carlbraganza
force-pushed
the
kep3314-beta
branch
from
943a783 to
1d3cb5e
Compare
k8s-ci-robot
added
size/L
| installed by the CSI driver, or by | ||
| reinstalling the CSI driver without this feature enabled. | ||
|
|
||
| It can also be effectively disabled by modifying the CSI driver specific |
There was a problem hiding this comment.
You would still likely have at least one cluster-admin in the cluster that could still use it. I wouldn't say this is a valid way to disable the feature.
There was a problem hiding this comment.
Okay, I'll remove this.
carlbraganza
left a comment
carlbraganza
left a comment
There was a problem hiding this comment.
@stlaz I hope I've addressed all your feedback.
| installed by the CSI driver, or by | ||
| reinstalling the CSI driver without this feature enabled. | ||
|
|
||
| It can also be effectively disabled by modifying the CSI driver specific |
There was a problem hiding this comment.
Okay, I'll remove this.
carlbraganza
force-pushed
the
kep3314-beta
branch
from
1d3cb5e to
53cbccf
Compare
carlbraganza
force-pushed
the
kep3314-beta
branch
from
53cbccf to
8d7844d
Compare
| [TokenReview](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/token-review-v1/) and | ||
| [SubjectAccessReview](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/subject-access-review-v1/) | ||
| APIs are controlled by Kubernetes security policy. | ||
| A side effect of the use of these APIs is that it partially mitigates |
There was a problem hiding this comment.
@kubernetes/sig-auth-proposals This KEP suggests that an unauthenticated client can cause N authenticated clients to fan out requests to the KAS until KAS starts rate-limiting each of these authenticated clients. N is the number of CSI driver instances installed in the cluster.
Is this ok?
| No integration tests are required. This feature is better tested with e2e tests. | ||
| [Integration tests](https://github.com/kubernetes-csi/external-snapshot-metadata/blob/main/.github/workflows/integration-test.yaml) |
There was a problem hiding this comment.
Permanent link, please.
Why is this considered an integration test?
There was a problem hiding this comment.
Can we point to actual testing code, not the workflow that runs them?
There was a problem hiding this comment.
I think that is because its run as part of the CI steps. Its scope is beyond that of a unit test.
I've changed the link to a permanent link.
There was a problem hiding this comment.
I think that is because its run as part of the CI steps. Its scope is beyond that of a unit test.
Yes, but the way these tests work actually makes them e2e tests, not integration tests. You're testing an actual user scenario from start to finish, rather than observing how certain units interact with each other in a simulated/isolated environment.
When you actually need a running kube cluster for a test, you're not very likely to be doing integration testing.
| block mode backups should become more efficient in both storage | ||
| space and time utilization. | ||
| The `GetMetadataAllocated` and `GetMetadataDelta` snapshot metadata operations | ||
| should be successful most of time. |
There was a problem hiding this comment.
Define "most of the time" with a specific number.
There was a problem hiding this comment.
I have no basis on which to propose a number. Given that nothing is 100% successful, I reworded this in relative terms:
The
GetMetadataAllocatedandGetMetadataDeltasnapshot metadata operations
should be as successful as an existingCreateSnapshotCSI operation on the
same volume, assuming that sufficient cluster resources are available for the
duration of the operation.
k8s-ci-robot
added
sig/auth
soltysh
left a comment
soltysh
left a comment
There was a problem hiding this comment.
A few more questions from PRR
| No integration tests are required. This feature is better tested with e2e tests. | ||
| [Integration tests](https://github.com/kubernetes-csi/external-snapshot-metadata/blob/main/.github/workflows/integration-test.yaml) |
There was a problem hiding this comment.
Can we point to actual testing code, not the workflow that runs them?
| We expect no non-infra related flakes in the last month as a GA graduation criteria. | ||
| --> | ||
|
|
||
| Link: [SnapshotMetadata E2E test PR](https://github.com/kubernetes/kubernetes/pull/130918) |
There was a problem hiding this comment.
These tests are part of alpha requirements, and they are NOT merged yet. So how are you planning to deliver beta?
There was a problem hiding this comment.
Are there others, can you link them here?
There was a problem hiding this comment.
Can we point to actual testing code, not the workflow that runs them?
I changed the text to read:
Integration tests are built into the build process. The test is based on the CSI Hostpath driver and uses the snapshot-metadata-lister and snapshot-metadata-verifier commands built by in the
external-snapshot-metadatarepository, yq,kubectland other standard Linux utilities. See the workflow script for test details.
These tests are part of alpha requirements, and they are NOT merged yet. So how are you planning to deliver beta?
Others are working on getting this merged ASAP.
There was a problem hiding this comment.
These tests are part of alpha requirements, and they are NOT merged yet. So how are you planning to deliver beta?
I see the linked PR is tagged for merge, that's a bit better.
There was a problem hiding this comment.
@carlbraganza can you replace the PR with this link for the merged test? https://github.com/kubernetes/kubernetes/blob/master/test/e2e/storage/testsuites/snapshot-metadata.go
| feature-gates: | ||
| - name: | ||
| components: | ||
| disable-supported: true |
There was a problem hiding this comment.
Can you put here information, that this is separate component. I keep forgetting that and need to look in other places for this.
carlbraganza
force-pushed
the
kep3314-beta
branch
from
8d7844d to
4a04124
Compare
carlbraganza
force-pushed
the
kep3314-beta
branch
from
4a04124 to
428c1a5
Compare
carlbraganza
force-pushed
the
kep3314-beta
branch
from
428c1a5 to
7ba75b7
Compare
soltysh
left a comment
soltysh
left a comment
There was a problem hiding this comment.
/approve
the PRR section
| We expect no non-infra related flakes in the last month as a GA graduation criteria. | ||
| --> | ||
|
|
||
| Link: [SnapshotMetadata E2E test PR](https://github.com/kubernetes/kubernetes/pull/130918) |
There was a problem hiding this comment.
These tests are part of alpha requirements, and they are NOT merged yet. So how are you planning to deliver beta?
I see the linked PR is tagged for merge, that's a bit better.
|
Test PR kubernetes/kubernetes#130918 is merged. /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: carlbraganza, soltysh, xing-yang The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
5 participants
Uh oh!
There was an error while loading. Please reload this page.