OpenShift Storage / STOR-2771

[Downstream] GA preparation - SELinux context mounts for RWO/RWX PVs


    • To Do
    • Future Sustainability
    • OCPSTRAT-2654 Implement RWO/RWX SELinux context mounts (GA)
    • 100% To Do, 0% In Progress, 0% Done

      Epic Goal*

      If SELinux context mounts go GA in Kubernetes 1.36 (= OCP 4.23; STOR-2719), we need to prepare 4.22 for that:

      • Mark cluster un-upgradeable when it has applications that could break when SELinuxMount goes GA in 4.23.
      • Raise corresponding alerts.
      • Document how to fix these issues and make the cluster upgradeable.

       
      Why is this important? (mandatory)
      The SELinuxMount feature changes the default behavior of Pods. Some Pods might not start when SELinuxMount goes GA. We need to make sure there are no such Pods (= applications) before such an upgrade. The cluster admin must either opt out of the new behavior (per namespace) or fix their applications, so the upgrade is safe.
       
      Scenarios (mandatory) 

      Provide details for user scenarios including actions to be performed, platform specifications, and user personas.  

      1. As a cluster admin, I can see which applications (pods) would break before upgrading to 4.23 with SELinuxMount GA.
      2. As a cluster admin, I can't upgrade to 4.23, where SELinuxMount is GA, if it would break my applications. I can rely on OCP marking the cluster Upgradeable = True only when I have fixed all my apps or opted out of the breaking behavior, so the upgrade won't break anything.

       
      Dependencies (internal and external) (mandatory)

      Depends on upstream plans with SELinuxMount GA.

      Contributing Teams (and contacts) (mandatory)

      Our expectation is that teams would modify the list below to fit the epic. Some epics may not need all the default groups but what is included here should accurately reflect who will be involved in delivering the epic.

      • Development - 
      • Documentation -
      • QE - 
      • PX - 
      • Others -

      Acceptance Criteria (optional)

      Drawbacks or Risk (optional)

      Done - Checklist (mandatory)

      The following points apply to all epics and are what the OpenShift team believes are the minimum set of criteria that epics should meet for us to consider them potentially shippable. We request that epic owners modify this list to reflect the work to be completed in order to produce something that is potentially shippable.

      • CI Testing - Basic e2e automation tests are merged and completing successfully
      • Documentation - Content development is complete.
      • QE - Test scenarios are written and executed successfully.
      • Technical Enablement - Slides are complete (if requested by PLM)
      • Engineering Stories Merged
      • All associated work items with the Epic are closed
      • Epic status should be “Release Pending” 

              rhn-engineering-jsafrane Jan Safranek
              rh-gs-gcharot Gregory Charot
              Chao Yang Chao Yang
                  Original Estimate - 4 weeks
                  Remaining Estimate - 4 weeks
                  Time Spent - Not Specified