Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated cherry pick of #114923: Do not leak cross namespace pod metadata in preemption events #114946

Merged
merged 2 commits into from Jan 13, 2023
Merged

Automated cherry pick of #114923: Do not leak cross namespace pod metadata in preemption events #114946

merged 2 commits into from Jan 13, 2023

Conversation

mimowo
Copy link
Contributor

@mimowo mimowo commented Jan 10, 2023
edited by liggitt

Cherry pick of #114923 on release-1.26.

#114923: Do not leak cross namespace pod metadata in preemption events

For details on the cherry pick process, see the cherry pick requests page.

Fix regression in 1.23: Do not include preemptor pod metadata in the event message

@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Jan 10, 2023
@k8s-ci-robot k8s-ci-robot added do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jan 10, 2023
@k8s-ci-robot
Copy link
Contributor

@mimowo: This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Jan 10, 2023
@mimowo
Copy link
Contributor Author

mimowo commented Jan 10, 2023

/assign @alculquicondor

@k8s-ci-robot k8s-ci-robot added the sig/scheduling Categorizes an issue or PR as relevant to SIG Scheduling. label Jan 10, 2023
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jan 10, 2023
@kerthcet
Copy link
Member

It's a security fix, worths cherry pick.
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 10, 2023
@mimowo
Copy link
Contributor Author

mimowo commented Jan 10, 2023

The question remains how long to the past we want to cherry-pick it @Huang-Wei @alculquicondor @kerthcet.

It was in 1.23-1.26 in the same file, so it should be easy to cherry-pick:

kubernetes/pkg/scheduler/framework/preemption/preemption.go

Line 347 in 548d5d2

fh.EventRecorder().Eventf(victim, pod, v1.EventTypeNormal, "Preempted", "Preempting", "Preempted by %v/%v on node %v",
.

It was also in 1.19-1.22, but in a different file:

kubernetes/pkg/scheduler/framework/plugins/defaultpreemption/default_preemption.go

Line 603 in 8dd52e6

fh.EventRecorder().Eventf(victim, pod, v1.EventTypeNormal, "Preempted", "Preempting", "Preempted by %v/%v on node %v",
.

I could not find it prior to 1.19.

@kerthcet
Copy link
Member

FYI: releases prior to v1.23 are out of support now. see https://kubernetes.io/releases/patch-releases/#detailed-release-history-for-active-branches

@Huang-Wei
Copy link
Member

The question remains how long to the past we want to cherry-pick it @Huang-Wei @alculquicondor @kerthcet.

Let's port it back to all supported versions, i.e., 1.24 and 1.25 additionally.

/approve

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 10, 2023
@mimowo
Copy link
Contributor Author

mimowo commented Jan 10, 2023

@Huang-Wei no need for 1.23? its end of life is 2023-02-28.

@alculquicondor
Copy link
Member

/approve cancel

https://github.com/kubernetes/kubernetes/pull/114923/files#r1066128262

@alculquicondor
Copy link
Member

/lgtm cancel

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 10, 2023
@mimowo
Copy link
Contributor Author

mimowo commented Jan 12, 2023

@alculquicondor @Huang-Wei I have cherry-picked the new master commit (to not include the scheduler name in the message name) onto this branch. PTAL.

@alculquicondor
Copy link
Member

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 12, 2023
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: d54d584a5a27c71cea4c1e47ce9c57ff04e5e552

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alculquicondor, Huang-Wei, mimowo

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@alculquicondor
Copy link
Member

We need a cherry-pick for the releases that haven't reached EoL.

@mimowo
Copy link
Contributor Author

mimowo commented Jan 12, 2023

We need a cherry-pick for the releases that haven't reached EoL.

Prepared:

@Verolop
Copy link

Verolop commented Jan 13, 2023

/kind bug

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. and removed do-not-merge/needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Jan 13, 2023
@Verolop
Copy link

Verolop commented Jan 13, 2023

/lgtm

@Verolop Verolop added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label Jan 13, 2023
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. label Jan 13, 2023
@k8s-ci-robot k8s-ci-robot merged commit 47f0a82 into kubernetes:release-1.26 Jan 13, 2023
@liggitt liggitt added the kind/regression Categorizes issue or PR as related to a regression from a prior release. label Jan 30, 2023
@mimowo mimowo deleted the automated-cherry-pick-of-#114923-upstream-release-1.26 branch March 18, 2023 18:37
@liggitt liggitt removed the kind/regression Categorizes issue or PR as related to a regression from a prior release. label Sep 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kerthcet kerthcet Awaiting requested review from kerthcet

@sanposhiho sanposhiho Awaiting requested review from sanposhiho

@alculquicondor alculquicondor Awaiting requested review from alculquicondor

Assignees

@alculquicondor alculquicondor

@Verolop Verolop

@kerthcet kerthcet

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/scheduling Categorizes an issue or PR as relevant to SIG Scheduling. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.26
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@mimowo @k8s-ci-robot @kerthcet @Huang-Wei @alculquicondor @Verolop @liggitt