annotate the kube-system namespace to allow kubeadm managed static Pod labels #1835

Open
neolit123 opened this issue Oct 15, 2019 · 12 comments
Labels: area/security, lifecycle/frozen, priority/backlog

@neolit123
Member

neolit123 commented Oct 15, 2019

update for the 1.23 cycle:
kubernetes/enhancements#1314 (comment)
looks like the design is going in a different direction. i have closed the PR to change kubeadm that follows it, but we should keep this issue open until a KEP update follows related to kubernetes/enhancements#1314


annotate the kube-system namespace to allow kubeadm managed static Pod labels, such as "tier" and "component".

this change is landing as alpha in 1.17 and by 1.19 it will be on by default (beta).

see:
https://github.com/kubernetes/enhancements/blob/master/keps/sig-auth/20190916-noderestriction-pods.md

tracking issue in k/e:

tracking issue for k/k:


The k8s-app label is used to match controllers for system components, and therefore should be explicitly disallowed.

looks like we also use the k8s-app label in the upgrade process, which should be revisited:
https://github.com/kubernetes/kubernetes/blob/3758426884e3c82cbd99c72e8015f4396f21fde2/cmd/kubeadm/app/phases/upgrade/prepull.go#L83

@neolit123 neolit123 self-assigned this Oct 15, 2019
@neolit123 neolit123 added this to the v1.17 milestone Oct 15, 2019
@neolit123 neolit123 added the area/security, priority/important-longterm and lifecycle/active labels Oct 15, 2019
@neolit123
Member Author

neolit123 commented Oct 15, 2019

it's not a high priority for this cycle, but i have a WIP PR for this.
one decision we have to make is in which "kubeadm init" phase we want this annotation to happen.
my vote is the "control-plane" phase, before writing static pods.
EDIT: my mistake, this needs to happen after the "wait-control-plane" phase.

@ereslibre
Contributor

/cc

@SataQiu
Member

SataQiu commented Oct 17, 2019

/cc

@neolit123 neolit123 modified the milestones: v1.17, v1.18 Nov 12, 2019
@neolit123
Member Author

the work is on hold for 1.18
kubernetes/enhancements#1314 (comment)
moving to 1.19

@neolit123 neolit123 modified the milestones: v1.18, v1.19 Jan 20, 2020
@neolit123 neolit123 added the priority/important-soon label and removed the priority/important-longterm label Apr 1, 2020
@fabriziopandini
Member

@neolit123 is this something we should work on for v1.19?

@neolit123
Member Author

depends if kubernetes/enhancements#1314 is worked on for 1.19.

@neolit123 neolit123 added the priority/important-longterm label and removed the priority/important-soon label Jun 14, 2020
@neolit123 neolit123 modified the milestones: v1.19, v1.20 Jun 14, 2020
@neolit123 neolit123 removed the lifecycle/active label Jul 27, 2020
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale label Oct 25, 2020
@neolit123
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale label Oct 25, 2020
@neolit123 neolit123 removed this from the v1.20 milestone Dec 2, 2020
@neolit123 neolit123 added this to the v1.21 milestone Dec 2, 2020
@fejta-bot

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale label Mar 2, 2021
@neolit123
Member Author

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale label Mar 2, 2021
@neolit123 neolit123 modified the milestones: v1.21, v1.22 Mar 9, 2021

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale label Jun 7, 2021
@neolit123
Member Author

neolit123 commented Jun 7, 2021 via email

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale label Jun 7, 2021
@neolit123 neolit123 modified the milestones: v1.22, v1.23 Jul 5, 2021
@neolit123 neolit123 added the lifecycle/frozen label Sep 2, 2021
@neolit123 neolit123 modified the milestones: v1.23, v1.24 Nov 23, 2021
@neolit123 neolit123 modified the milestones: v1.24, Next Jan 11, 2022
@neolit123 neolit123 added the priority/backlog label and removed the priority/important-longterm label Jun 4, 2024