Skip to content

Adding SnapshotLock Capabilities #2797

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
k8s-ci-robot merged 1 commit into from
Jan 15, 2026
Merged

Adding SnapshotLock Capabilities #2797

k8s-ci-robot merged 1 commit into from
Jan 15, 2026

Conversation

@mdzraf
Copy link
Member

@mdzraf mdzraf commented Nov 25, 2025
edited by ConnorJC3
Loading

What type of PR is this?

/kind feature

What is this PR about? / Why do we need it?

This PR adds the ability for users to lock snapshots on creation by passing in desired LockSnapshot parameters through the VolumeSnapshotClass.

How was this change tested?

Ran various unit tests as well as e2e tests that:

  • Created locked snapshots in governance mode
  • Create locked snapshots in compliance mode
  • Create locked snapshots with FSR

Also manually tested by running a modified version of our snapshot example.

  • In the examples/kubernetes/snapshot Change snapshotclass.yaml to:
apiVersion: snapshot.storage.k8s.io/v1
kind: VolumeSnapshotClass
metadata:
  name: csi-aws-vsc
driver: ebs.csi.aws.com
deletionPolicy: Delete
parameters: 
  snapshotLockMode: "governance"
  snapshotLockDuration: "1"
  • Run through example, and just make sure to unlock snapshot through AWS CLI before doing cleanup by running:
aws ec2 unlock-snapshot --snapshot-id  snap-<snapshot-id>

Does this PR introduce a user-facing change?

Added VolumeSnapshotClass parameters to lock EBS snapshots after creation.

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. kind/feature Categorizes issue or PR as related to a new feature. labels Nov 25, 2025
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 25, 2025
@github-actions
Copy link

github-actions bot commented Nov 25, 2025
edited
Loading

Code Coverage Diff

This PR does not change the code coverage

@ConnorJC3
Copy link
Contributor

ConnorJC3 commented Dec 1, 2025

/retest

@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch from 5a301d7 to 94ec03f Compare December 2, 2025 18:12
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Dec 2, 2025
@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch 2 times, most recently from a809c40 to 744ab62 Compare December 2, 2025 19:21
@mdzraf mdzraf changed the title [WIP] Adding SnapshotLock Capabilities Adding SnapshotLock Capabilities Dec 2, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Dec 2, 2025
@mdzraf
Copy link
Member Author

mdzraf commented Dec 2, 2025

/hold

Waiting on managed policy change.

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 2, 2025
torredil
torredil reviewed Dec 2, 2025
View reviewed changes
@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch 4 times, most recently from 53808c2 to f7a57e0 Compare December 3, 2025 17:51
torredil
torredil approved these changes Dec 4, 2025
View reviewed changes
Copy link
Member

@torredil torredil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 4, 2025
ElijahQuinones
ElijahQuinones reviewed Dec 9, 2025
View reviewed changes
@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch from f7a57e0 to 1c8f93d Compare December 16, 2025 18:40
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 16, 2025
ConnorJC3
ConnorJC3 reviewed Dec 17, 2025
View reviewed changes
@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch from 1c8f93d to f248c08 Compare December 24, 2025 17:51
ConnorJC3
ConnorJC3 reviewed Jan 6, 2026
View reviewed changes
Copy link
Contributor

@ConnorJC3 ConnorJC3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jan 6, 2026
@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch from f248c08 to 1f20329 Compare January 12, 2026 14:17
@k8s-ci-robot k8s-ci-robot removed lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Jan 12, 2026
@mdzraf mdzraf force-pushed the snapshotLockOnCreate branch from 1f20329 to da47861 Compare January 12, 2026 14:35
ConnorJC3
ConnorJC3 approved these changes Jan 15, 2026
View reviewed changes
Copy link
Contributor

@ConnorJC3 ConnorJC3 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 15, 2026
torredil
torredil approved these changes Jan 15, 2026
View reviewed changes
Copy link
Member

@torredil torredil left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve
/hold

@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Jan 15, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: torredil

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 15, 2026
@mdzraf
Copy link
Member Author

mdzraf commented Jan 15, 2026

/unhold

Managed Policy has been updated to have LockSnapshot permissions.

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 15, 2026
@k8s-ci-robot k8s-ci-robot merged commit 78b9b27 into kubernetes-sigs:master Jan 15, 2026
17 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ElijahQuinones ElijahQuinones ElijahQuinones left review comments

@ConnorJC3 ConnorJC3 ConnorJC3 approved these changes

@torredil torredil torredil approved these changes

Assignees

@ConnorJC3 ConnorJC3

@torredil torredil

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@mdzraf @ConnorJC3 @k8s-ci-robot @torredil @ElijahQuinones