-
Notifications
You must be signed in to change notification settings - Fork 4.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add fscrypt kernel options #14783
Add fscrypt kernel options #14783
Conversation
Enables filesystem encryption support in the minikube kernel. Allows users to use file level encryption on ext4. Signed-off-by: Marcel Lauhoff <marcel.lauhoff@suse.com>
Hi @irq0. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Can one of the admins verify this patch? |
I don't think my review counts for much, but this looks good to me. /lgtm |
@nixpanic: changing LGTM is restricted to collaborators In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Enabling fscrypt is unlikely to interfere with anything, as a user has to take extra steps to use it. The current minikube kernel only has support for one of the fscrypt-enabled file systems, ext4 [0]. To use fscrypt on ext4, a filesystem must have the non-default 'encrypt' feature enabled. So, there is no "stumbling" into this feature. Why have it in minikube than? As minikube is used as a base for CI testing in many projects, especially useful when testing storage related projects like container storage interface (CSI) drivers. Being able to test a CSI driver that uses fscrypt on minikube would be just awesome. The first project that would benefit is Ceph CSI, where fscrypt on ext4 on Rados Block Devices (RBD) is currently on the way [1] and the CI uses minikube. [0] https://github.com/google/fscrypt#runtime-dependencies |
/ok-to-test |
/lgtm |
/assign @prezha |
ok-to-build-iso |
Hi @irq0, we have updated your PR with the reference to newly built ISO. Pull the changes locally if you want to test with them or update your PR further. |
re-applying lgtm |
/ok-to-test |
kvm2 driver with docker runtime
Times for minikube start: 56.6s 56.3s 56.5s 57.0s 54.7s Times for minikube ingress: 26.6s 28.6s 29.1s 28.7s 26.1s docker driver with docker runtime
Times for minikube start: 27.5s 27.6s 28.9s 28.8s 28.6s Times for minikube ingress: 83.5s 23.5s 22.0s 22.0s 27.0s docker driver with containerd runtime
Times for minikube start: 24.4s 24.1s 24.1s 24.6s 22.8s Times for minikube (PR 14783) ingress: 27.0s 27.0s 26.5s 27.5s 27.0s |
These are the flake rates of all failed tests.
Too many tests failed - See test logs for more details. To see the flake rates of all tests by environment, click here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR!
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: irq0, nixpanic, reylejano, spowelljr The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
The fscrypt kernel module has been enabled, yay! See-also: kubernetes/minikube#14783 Updates: ceph#3310 Signed-off-by: Niels de Vos <ndevos@redhat.com>
The fscrypt kernel module has been enabled, yay! See-also: kubernetes/minikube#14783 Updates: ceph#3310 Signed-off-by: Niels de Vos <ndevos@redhat.com>
The fscrypt kernel module has been enabled, yay! See-also: kubernetes/minikube#14783 Updates: #3310 Signed-off-by: Niels de Vos <ndevos@redhat.com>
The fscrypt kernel module has been enabled, yay! See-also: kubernetes/minikube#14783 Updates: ceph#3310 Signed-off-by: Niels de Vos <ndevos@redhat.com>
Enables filesystem encryption support in the minikube kernel. Allows
users to use file level encryption on ext4.
Signed-off-by: Marcel Lauhoff marcel.lauhoff@suse.com