Masaki Kimura

> Why do you want to have lien objects? It's to make it easier to manage who has control over the specific lien in the delete-liens field. If multiple liens...

If only talking about the use case for secret protection, the feature needed is like block deleting "Secret A" that can be used by "Pod B" and "PersistentVolume C" while...

And also thinking about using a lien per controller, not per reason, like below. ``` apiVersion: v1 kind: Secret metadata: namespace: ns2 name: A delete-liens: - "k8s.io/secret-protection-controller" type: Opaque data:...

@lavalamp > You can prototype today with e.g. specially formatted annotations and a webhook admission controller. I've implemented a prototype of lien as [this](https://github.com/mkimuram/kubernetes/commits/lien). It is separated to 4 commits,...

@lavalamp I've updated the KEP. PTAL Also, I will upate the prototype of secret-protection to rely on this in-use protection mechanism to check the feasibility and also update the KEP...

@lavalamp Thank you for your review and feedback. I will update the KEP. > This is close enough that maybe you can come to an API Machinery SIG meeting and...

@lavalamp Updated the KEP. PTAL (For rephrasing "validating admission webhook", used common phrase "validation in api-server".)

@detiber @neolit123 Thank you for your review. I've addressed the review comments. PTAL Also, I changed the format for Liens field. Please also check it (In my understanding, content of...

@johnbelamaric PRR approval deadline is approaching. Could you apporve it? If there are anything missing for PRR approval, please point out.

@wojtek-t @thockin cc: @lavalamp @detiber @neolit123 @msau42 Updated the KEP to change back to slice-of-strings Liens and restrict it to per-controller/per-user, to be more aligned with Finalizers. PTAL