-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubelet option to enable seccomp by default #2413
Comments
Is this also relevant to SIG Security? |
Yes, I think so: |
Enhancements Freeze is 2 days away, Feb 9th EOD PST Enhancements team is aware that KEP update is currently in progress (PR #2414). Please make sure to work on missing requirements and get it merged before the freeze. For PRR related questions or to boost the PR for PRR review, please reach out in slack #prod-readiness Any enhancements that do not complete the KEP requirements by the freeze will require an exception. |
Hi @saschagrunert, Thank you for the update! With Enhancements Freeze now in effect, I will clear the milestone to reflect that this enhancement is not being tracked for 1.21. If you change your mind and like to be included in the 1.21 Release, please submit an Exception Request as soon as possible. /milestone clear |
/milestone v1.22 |
Greetings @saschagrunert!
Friendly reminder that the Enhancement freeze is this Thursday 5/13. |
Comment's been updated. |
Greetings @saschagrunert! Thanks! |
Hey @jrsapi 👋, I think SIG Security only needs to be aware that this KEP exists, so it's just informal. 😊 |
Greetings @saschagrunert, Thanks! |
@jrsapi thank you for the reminder, the alpha implementation is now done 😊 |
thanks @saschagrunert |
Hello @saschagrunert 👋, Enhancements team here. Just checking in as we approach Enhancements freeze on 18:00 PDT Thursday 9th February 2023. This enhancement is targeting for stage Here's where this enhancement currently stands:
For this KEP, we would need to update the following:
The status of this enhancement is marked as |
Hey again @saschagrunert |
#3718 is merged. Can this be tracked? |
Hey folks, I added a follow-up PR on top of the latest changes which add the missing question: #3864 Should be a no-op since we answer the question with "No". |
@Atharva-Shinde this one should be good to go |
This enhancement meets all the requirements to be tracked in the v1.27 release. |
I modified the title / description to clarify that this enhancement gives the kubelet an option to enable seccomp by default, but does not change default behavior unless the node administrator opts in by setting this kubelet option (xref initial PRR discussion about requiring an opt-in flag even in GA at kubernetes/kubernetes#101943 (comment)) |
Hello @saschagrunert 👋🏾 ! @katmutua 1.27 Release Docs shadow here. This enhancement is marked as ‘Needs Docs’ for 1.27 release. Please follow the steps detailed in the documentation to open a PR against dev-1.27 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by March 16. For more information, please take a look at Documenting for a release to familiarize yourself with the documentation requirements for the release. If you already have existing open PRs please link them to the description so we can easily track them. Thanks! |
Thank you @katmutua, the placeholder PR is now available in kubernetes/website#39906 |
Hey again @saschagrunert 👋 Enhancements team here, Here's where this enhancement currently stands:
Also please let me know if there are other PRs in k/k we should be tracking for this KEP. |
/stage stable |
This is done |
Is there any discussion about making it "literally" default? |
@AkihiroSuda unfortunately not, because it could implicitly break existing workloads on upgrades. |
/remove-label lead-opted-in |
Enhancement Description
https://docs.google.com/document/d/1Ne57gvidMEWXR70OxxnRkYquAoMpt56o75oZtg-OeBg/edit
https://docs.google.com/document/d/1U10J0WwgWXkdYrqWGGvO8iH2HKeerQAlygnqgDgWv4E/edit#
k/enhancements
) update PR(s): Add KEP for enabling seccomp by default #2414 Update SeccompDefault KEP upgrade strategy #2773k/k
) update PR(s): Add kubeletSeccompDefault
alpha feature kubernetes#101943k/website
) update PR(s): Add documentation aboutSeccompDefault
feature website#27957k/enhancements
) update PR(s): KEP-2413: Graduate SeccompDefault feature to beta #3240k/k
) update PR(s): Graduate SeccompDefault feature to beta kubernetes#110805k/website
) update(s):Graduate SeccompDefault feature to beta website#34640
Improve 'Seccomp defaulting' feature name website#35121
k/enhancements
) update PR(s):k/k
) update PR(s):SeccompDefault
feature to stable / GA kubernetes#115719k/website
) update(s): [KEP-2413] Add docs for SeccompDefault graduation website#39906/sig node
/cc @mrunalp
The text was updated successfully, but these errors were encountered: