Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure secret pulled images #2535

Open
4 tasks
adisky opened this issue Feb 22, 2021 · 49 comments
Open
4 tasks

Ensure secret pulled images #2535

adisky opened this issue Feb 22, 2021 · 49 comments
Assignees
Labels
sig/node Categorizes an issue or PR as relevant to SIG Node. stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status

Comments

@adisky
Copy link
Contributor

adisky commented Feb 22, 2021

Enhancement Description

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

/sig node

@k8s-ci-robot k8s-ci-robot added the sig/node Categorizes an issue or PR as relevant to SIG Node. label Feb 22, 2021
@adisky adisky changed the title Ensure secure image access Ensure secret pulled images Feb 22, 2021
@mikebrow
Copy link
Member

Thx @adisky

@ehashman
Copy link
Member

ehashman commented May 4, 2021

/stage stable
/milestone v1.22

Note: Since this is a bugfix Mike would like to target graduation directly to stable.

@k8s-ci-robot k8s-ci-robot added the stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status label May 4, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.22 milestone May 4, 2021
@JamesLaverack JamesLaverack added the tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team label May 5, 2021
@JamesLaverack
Copy link
Member

Hey @mikebrow, 1.22 Enhancements Lead here. 👋

Note: Since this is a bugfix Mike would like to target graduation directly to stable.

@ehashman That should be fine so long as SIG Node are happy with that. (cc @dchen1107 @derekwaynecarr)

I'm aware there's an open PR for your KEP open, but I'd just like to highlight a few things. By enhancements freeze (23:59:59 PST on Thursday 13th May) we require the following:

  • Your KEP must be merged, including both a README.md and a kep.yaml these should be using the latest templates. For example the directory name should include the enhancement number (2535, in this case). This should be fully complete, including graduation criteria and a test plan.
  • We require an approved production readiness review. Please see the PRR documentation for further details.

@JamesLaverack
Copy link
Member

Hi @mikebrow, 1.22 Enhancements Lead here. 👋 With enhancements freeze now in effect we are removing this enhancement from the 1.22 release.

Feel free to file an exception to add this back to the release. If you plan to do so, please file this as early as possible.

Thanks!
/milestone clear

@k8s-ci-robot k8s-ci-robot removed this from the v1.22 milestone May 14, 2021
@JamesLaverack JamesLaverack added tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team and removed tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team labels May 14, 2021
@mikebrow
Copy link
Member

exception was filed last week.. no response yet. KEP updated to latest format and to resolve review questions (mainly added feature gate and switch to alpha vs going directly to GA. Code PR needs final reviews to go over the added feature gate.

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 24, 2021
@salaxander
Copy link

/remove-lifecycle stale
/milestone v1.23

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 31, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.23 milestone Aug 31, 2021
@salaxander salaxander added tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team and removed tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team labels Aug 31, 2021
@Priyankasaggu11929
Copy link
Member

Hi @adisky! 1.23 Enhancements team here. Just checking in as we approach enhancements freeze on Thursday 09/09. Here's where this enhancement currently stands:

  • KEP file using the latest template has been merged into the k/enhancements repo.
  • KEP status is marked as implementable
  • KEP has a test plan section filled out.
  • KEP has up to date graduation criteria.
  • KEP has a production readiness review that has been completed and merged into k/enhancements.

Looks like for this one, we would need the following:


Also, could we please add some more information in the Test Plan section? Currently, the section is pointing towards checking a PR, could we add some relevant links or more pointers or have the tests specified inline? Thank you.

### Test Plan

See PR (exhaustive unit tests added for alpha covering feature gate on and off for new and modified functions)

Thank you!

@adisky
Copy link
Contributor Author

adisky commented Sep 7, 2021

Hi @adisky! 1.23 Enhancements team here. Just checking in as we approach enhancements freeze on Thursday 09/09. Here's where this enhancement currently stands:

  • KEP file using the latest template has been merged into the k/enhancements repo.
  • KEP status is marked as implementable
  • KEP has a test plan section filled out.
  • KEP has up to date graduation criteria.
  • KEP has a production readiness review that has been completed and merged into k/enhancements.

Looks like for this one, we would need the following:

Also, could we please add some more information in the Test Plan section? Currently, the section is pointing towards checking a PR, could we add some relevant links or more pointers or have the tests specified inline? Thank you.

### Test Plan

See PR (exhaustive unit tests added for alpha covering feature gate on and off for new and modified functions)

Thank you!

cc @mikebrow

@mikebrow
Copy link
Member

mikebrow commented Sep 8, 2021

@adisky @Priyankasaggu11929 I updated the KEP adding a description for the test plan and links.. and updated the KEP's alpha target from 1.22 to 1.23.

@Priyankasaggu11929
Copy link
Member

Thank you so much for adding the changes, @mikebrow.

Just to confirm once:

Could you please confirm this part. Thanks once again. :)

@mikebrow
Copy link
Member

mikebrow commented Sep 8, 2021

* As you mentioned above, this enhancement is targeting at `stage: alpha`, so is it right to change the `stage: stable` to `stage: alpha` on this issue?

Yes, it is right to change the stage to alpha.

* But the [commit changes for updating the KEP's alpha target & the latest-milestone](https://github.com/kubernetes/enhancements/pull/1608/files#diff-b0309577eac7d6f66d23c210698d6f71cfa45c5af46b20d27e2d5c867fcf6de1R20-R25) didn't come through.

Forgot to hit the save button on those changes :-) Fixed now. Cheers, Mike

@Priyankasaggu11929 Priyankasaggu11929 added stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status and removed stage/stable Denotes an issue tracking an enhancement targeted for Stable/GA status labels Sep 8, 2021
@Priyankasaggu11929
Copy link
Member

Thanks for the changes @mikebrow :)

@Priyankasaggu11929
Copy link
Member

Hello @mikebrow, just checking in as we approach 1.23 enhancements freeze tonight (09/09/2021, 23:59 PDT). Looks like the PR #1608 has got both lgtm, & approve label. But there's an hold on the merge.

Screenshot from 2021-09-10 07-09-21

Is it intended or can be removed to go ahead.? As with the PR merged, this enhancements will be ready for the 1.23 enhancements freeze tonight.

Thank you!

@Priyankasaggu11929
Copy link
Member

Just an update, the don-not-merge/hold label was removed manually since all the requirements were met.

The KEP is now tracked for the kubernetes 1.23 release. Thank you so much @mikebrow.

@k8s-ci-robot
Copy link
Contributor

@mikebrow: Reopened this issue.

In response to this:

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@pacoxu
Copy link
Member

pacoxu commented Sep 29, 2022

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label Sep 29, 2022
@marosset
Copy link
Contributor

/milestone v1.26
/label lead-opted-in
(I'm doing this on behalf of @ruiwen-zhao / SIG-node)

@k8s-ci-robot k8s-ci-robot added the lead-opted-in Denotes that an issue has been opted in to a release label Sep 30, 2022
@k8s-ci-robot k8s-ci-robot added this to the v1.26 milestone Sep 30, 2022
@rhockenbury
Copy link

Hello @mikebrow 👋, 1.26 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT on Thursday 6th October 2022.

This enhancement is targeting for stage alpha for 1.26 (correct me, if otherwise)

Here's where this enhancement currently stands:

  • KEP readme using the latest template has been merged into the k/enhancements repo.
  • KEP status is marked as implementable for latest-milestone: 1.26
  • KEP readme has a updated detailed test plan section filled out
  • KEP readme has up to date graduation criteria
  • KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following:

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

@rhockenbury
Copy link

/label tracked/yes
/remove-label tracked/no

@k8s-ci-robot k8s-ci-robot added tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team and removed tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team labels Oct 1, 2022
@derekwaynecarr
Copy link
Member

/remove-label lead-opted-in

design consensus is not yet reached on this feature, and code implementation will not be worked on in 1.26.

@k8s-ci-robot k8s-ci-robot removed the lead-opted-in Denotes that an issue has been opted in to a release label Oct 3, 2022
@rhockenbury
Copy link

/label tracked/no
/remove-label tracked/yes
/milestone clear

@k8s-ci-robot k8s-ci-robot added tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team and removed tracked/yes Denotes an enhancement issue is actively being tracked by the Release Team labels Oct 3, 2022
@k8s-ci-robot k8s-ci-robot removed this from the v1.26 milestone Oct 3, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 1, 2023
@pacoxu
Copy link
Member

pacoxu commented Jan 4, 2023

/remove-lifecycle stale
I will take a deep look into the KEP and get an update this week or next based on the discussion in #3532.

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jan 4, 2023
@pacoxu
Copy link
Member

pacoxu commented Jan 4, 2023

/assign

@sftim
Copy link
Contributor

sftim commented Feb 7, 2023

@adisky - the issue description should link to https://github.com/kubernetes/enhancements/blob/master/keps/sig-node/2535-ensure-secret-pulled-images/README.md - have you got the time to make that update?

At the moment the link is to PR #1608 which is close but not quite right.

@SergeyKanzhelev
Copy link
Member

@pacoxu do you plan to work on this for 1.28?

@pacoxu
Copy link
Member

pacoxu commented May 6, 2023

@pacoxu do you plan to work on this for 1.28?

Yes. The top priority for me in sig-node tasks. 😄

@Atharva-Shinde Atharva-Shinde removed the tracked/no Denotes an enhancement issue is NOT actively being tracked by the Release Team label May 14, 2023
@pacoxu
Copy link
Member

pacoxu commented May 30, 2023

I updated kubernetes/kubernetes#114847 PR to implement the KEP.

  • I would like to add some e2e test for this feature in this release or next.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
sig/node Categorizes an issue or PR as relevant to SIG Node. stage/alpha Denotes an issue tracking an enhancement targeted for Alpha status
Projects
Status: Graduating
Development

No branches or pull requests