CEL for Admission Control

[jpbetz]

Enhancement Description

• One-line enhancement description (can be used as a release note): CEL for Admission Control
• Kubernetes Enhancement Proposal: KEP
• Discussion Link: https://groups.google.com/g/kubernetes-sig-api-machinery/c/WBVf_oWm4kU
• Primary contact (assignee): jpbetz
• Responsible SIGs: sig-apimachinery
• Enhancement target (which target equals to which milestone):
  • Alpha release target (x.y): 1.26
  • Beta release target (x.y):
  • Stable release target (x.y):
• Alpha
  • KEP (k/enhancements) update PR(s):
    • KEP-3488: CEL Admission Control #3492
    • PRR: KEP-3488: Add PRR and test section for Cel admission control #3554
  • Code (k/k) update PR(s):
    • Implement CEL for Admission Control kubernetes#113314
    • Refactor matcher interface kubernetes#113349
    • Add metrics for CEL for admission control KEP kubernetes#112994
    • Add feature gate CelValidatingAdmission kubernetes#112792
    • split and move CEL package kubernetes#112926
    • CEL Admission Plugin kubernetes#112858
  • Docs (k/website) update PR(s):
    • Documentation for CEL in Admission Control website#37770
    • [WIP]Feature blog place holder PR for CEL in Admission Control website#37683

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

[jpbetz]

/sig api-machinery

[kikisdeliveryservice]

@jpbetz please provide a Discussion Link. It is required that you "link to SIG mailing list thread, meeting, or recording where the Enhancement was discussed before KEP creation" :)

[logicalhan]

/lead-opted-in

[logicalhan]

/milestone v1.26

[logicalhan]

/lead-opted-in

[logicalhan]

/sig api-machinery

[rhockenbury]

/label tracked/yes

[parul5sahoo]

Hello @jpbetz 👋, 1.26 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT on Thursday 6th October 2022.

This enhancement is targeting for stage alpha for 1.26 (correct me, if otherwise)

Here's where this enhancement currently stands:

• KEP readme using the latest template has been merged into the k/enhancements repo.
• KEP status is marked as implementable for latest-milestone: 1.26
• KEP readme has a updated detailed test plan section filled out
• KEP readme has up to date graduation criteria
• KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following before enhancements freeze which is approaching soon:

• update the status of the KEP in the kep.yaml to implemetable.
• check the agreement in the test plan section and add graduation criteria for alpha phase(if need being).
• Complete and merge the PRR for the kep

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

[jpbetz]

#3554 contains PRR, test, graduation and implementable, we are aiming to merge it today

[cici37]

@parul5sahoo Thanks for reaching out! We have everything merged. The KEP can be tracked now. Please let us know of anything is missing :)

[parul5sahoo]

Hello @cici37 , although I see that the release sign off checklist and the test agreement have been included but they are all unchecked. so could you please check the items that meet the criteria in the release check list and also the check the test agreement. And since these are minor details I am marking the KEP as tracked.

[cici37]

Hello @cici37 , although I see that the release sign off checklist and the test agreement have been included but they are all unchecked. so could you please check the items that meet the criteria in the release check list and also the check the test agreement. And since these are minor details I am marking the KEP as tracked.

#3592 to address this. Thanks for marking this tracked!

[cici37]

/assign

[katmutua]

Hello @jpbetz ! 👋🏾,

@katmutua 1.26 Release Docs shadow here. This enhancement is marked as ‘Needs Docs’ for 1.26 release.

Please follow the steps detailed in the documentation to open a PR against dev-1.26 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by November 9.

Also, take a look at Documenting for a release to familiarize yourself with the docs requirement for the release.
As a reminder, please link all of your docs PR to this issue so we can easily track it.

[ruheenaansari34]

Hi @jpbetz 👋,

Checking in once more as we approach the 1.26 code freeze at 17:00 PDT on Tuesday 8th November 2022.

Please ensure the following items are completed:

• All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• All PRs are fully merged by the code freeze deadline.

For this enhancement, it looks like the following PRs are open and need to be merged before the code freeze. If you do have any other k/k PRs open, please link them to this issue :

• Implement CEL for Admission Control kubernetes#113314
• Add new API version for CEL in Admission Control kubernetes#112883

As always, we are here to help should questions come up. Thanks!

[jpbetz]

All PRs are now linked and we are working on code review and approvals. We will open a docs PR shortly.

[cici37]

I have opened the doc place holder PR. Thanks

[jpbetz]

All alpha feature code has merged.