Kube like pods should share ipc,net,uts by default #10268
Conversation
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: flouthoc The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
from
5feb478 to
6c614d0
Compare
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
3 times, most recently
from
9f7be20 to
e11fb9a
Compare
|
should use |
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
from
e11fb9a to
99dd454
Compare
|
Close: #9128 |
|
@zhangguanzhang Just waiting for tests to pass. Then i guess we could request to close this issue. |
|
Checking why this test is failing. |
openshift-ci-robot
added
the
do-not-merge/work-in-progress
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
3 times, most recently
from
70c6f12 to
e862855
Compare
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
|
@zhangguanzhang @mheon @rhatdan Above test is fixed issue was with registry url but now this existing test is failing Is this an issue with upstream or a flake ? |
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
from
e862855 to
c105f2b
Compare
|
Doing a rebase with master to confirm if this is not a flake. |
|
@zhangguanzhang This is fixed :) |
| inspect := podmanTest.Podman([]string{"inspect", "testpod1", "--format", "'{{ .SharedNamespaces }}'"}) | ||
| inspect.WaitWithDefaultTimeout() | ||
| sharednamespaces := inspect.OutputToString() | ||
| Expect(sharednamespaces).To(ContainSubstring("ipc")) |
There was a problem hiding this comment.
can you add tests for uts and net too, or am I being oblivious and I'm missing them?
There was a problem hiding this comment.
@TomSweeneyRedHat You are right I missed checking string for uts and net. Thanks for pointing this out.
There was a problem hiding this comment.
ah seems like CI flake is still there will open/close PR to re-kick CI.
There was a problem hiding this comment.
@TomSweeneyRedHat this is resolved.
There was a problem hiding this comment.
also need pid namespace
There was a problem hiding this comment.
@zhangguanzhang Bug was with only ipc, net, uts but sure case should also pass with pid
There was a problem hiding this comment.
@zhangguanzhang @TomSweeneyRedHat Added pid as well let me know if anything else needs to be done.
I think rdoproject.org/github-check is a flake , repush should fix it. But let me know if this check is mandatory.
There was a problem hiding this comment.
@zhangguanzhang ah it was just a flake force pushed made checks happy again.
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
2 times, most recently
from
50a91a8 to
70996cc
Compare
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
3 times, most recently
from
b2eb143 to
1415278
Compare
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
3 times, most recently
from
135898a to
1b90fcd
Compare
Signed-off-by: flouthoc <[email protected]>
flouthoc
force-pushed
the
kube-default-shared-namespace
branch
from
1b90fcd to
14a1a45
Compare
|
@zhangguanzhang @TomSweeneyRedHat this is ready for review all the comments seems to be resolved. CI is also happy now. |
|
@haircommander @umohnani8 PTAL |
|
LGTM, thanks @flouthoc |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: flouthoc, rhatdan The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci
bot
added
lgtm
github-actions
bot
added
the
locked - please file new issue/PR
podman play kubeignores sharing ipc,net,uts namespaces whenevershareProcessNamespace: Trueis specified. However it works fine whenshareProcessNamespaceis not defined at all. While kube like pods must share ipc,net,uts in both cases.Ref Issue: #9128