enhancements

enhancements copied to clipboard

Enhancement Description

• One-line enhancement description (can be used as a release note): Add new API surface to control and track how supplemental groups are applied in the container.
• Kubernetes Enhancement Proposal: https://github.com/kubernetes/enhancements/tree/master/keps/sig-node/3619-supplemental-groups-policy
• Discussion Link: https://github.com/kubernetes/kubernetes/issues/112879
• Primary contact (assignee):　@everpeace
• Responsible SIGs: sig-node
• Enhancement target (which target equals to which milestone):
  • Alpha release target (x.y): 1.31
  • Beta release target (x.y):
  • Stable release target (x.y):
• [ ] Alpha
  • [x] KEP (k/enhancements) update PR(s):
    • [x] https://github.com/kubernetes/enhancements/pull/3620
    • [x] https://github.com/kubernetes/enhancements/pull/3862
    • [x] https://github.com/kubernetes/enhancements/pull/3874
    • [x] https://github.com/kubernetes/enhancements/pull/4628
    • [x] https://github.com/kubernetes/enhancements/pull/4728
  • [ ] Code (k/k) update PR(s):
    • [x] https://github.com/kubernetes/kubernetes/pull/117842
    • [ ] https://github.com/kubernetes/kubernetes/pull/125470
  • [ ] cri-tools update PR(s):
    • [ ] https://github.com/kubernetes-sigs/cri-tools/pull/1438
  • [ ] contained Update PR(s):
    • [x] https://github.com/containerd/containerd/pull/9737
    • [ ] https://github.com/containerd/containerd/pull/10410
  • [ ] CRI-O Update PR(s):
    • [x] https://github.com/cri-o/cri-o/pull/8268
    • [ ] t.b.d.
  • [ ] Docs (k/website) update PR(s):
    • [ ] https://github.com/kubernetes/website/pull/46920
    • [ ] https://github.com/kubernetes/website/pull/46921

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

/assign /sig node /kind feature

/assign /sig scheduling

@everpeace: The label(s) /remove-label sig/scheduling cannot be applied. These labels are supported: api-review, tide/merge-method-merge, tide/merge-method-rebase, tide/merge-method-squash, team/katacoda, refactor, lead-opted-in, tracked/no, tracked/out-of-tree, tracked/yes. Is this label configured under labels -> additional_labels or labels -> restricted_labels in plugin.yaml?

In response to this:

/remove-label sig/scheduling

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

/kind feature

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

/remove-lifecycle stale

/milestone v1.27

let's see if we can start it in 1.27

/label lead-opted-in

/stage alpha

Hello @everpeace 👋, 1.27 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT Thursday 9th February 2023.

This enhancement is targeting for stage alpha for 1.27 (correct me, if otherwise)

Here's where this enhancement currently stands:

• [ ] KEP readme using the latest template has been merged into the k/enhancements repo.
• [ ] KEP status is marked as implementable for latest-milestone: 1.27
• [ ] KEP readme has a updated detailed test plan section filled out
• [ ] KEP readme has up to date graduation criteria
• [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.

It looks like https://github.com/kubernetes/enhancements/pull/3620 will address most of these issues.

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

@npolshakova, kep yaml has correct values for stage, milestone, etc:

https://github.com/kubernetes/enhancements/blob/472a381fb32767bf65cbd28b62c04ee655cc2408/keps/sig-node/3619-supplemental-groups-policy/kep.yaml#L8-L30

This KEP updates to the latest template and covers testing section: https://github.com/kubernetes/enhancements/pull/3862

PRR review completed:

https://github.com/kubernetes/enhancements/blob/472a381fb32767bf65cbd28b62c04ee655cc2408/keps/prod-readiness/sig-node/3619.yaml#L1-L6

So once #3862 is merged, this KEP is ready for the milestone

Great! Looks like https://github.com/kubernetes/enhancements/pull/3862 went in so this enhancement as tracked for v1.27. Thanks!

/label tracked/yes

Hi @everpeace,

Checking in as we approach 1.27 code freeze at 17:00 PDT on Tuesday 14th March 2023.

Please ensure the following items are completed:

• [ ] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• [ ] All PRs are fully merged by the code freeze deadline.

Please let me know if there are any other PRs in k/k I should be tracking for this KEP. As always, we are here to help should questions come up. Thanks!

Hi @everpeace 👋 , I’m reaching out from the 1.27 Release Docs team. This enhancement is marked as ‘Needs Docs’ for the 1.27 release. Please follow the steps detailed in the documentation to open a PR against dev-1.27 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by March 16. For more information, please take a look at Documenting for a release to familiarize yourself with the documentation requirements for the release. Please feel free to reach out with any questions. Thanks!

Hi @everpeace, this is the status as we approach code freeze today:

• [ ] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
• [ ] All PRs are fully merged by the code freeze deadline.

Please let me know what other PRs in k/k I should be tracking for this KEP.

As always, we are here to help should questions come up. Thanks!

Unfortunately the implementation PRs associated with this enhancement have not merged by code-freeze so this enhancement is getting removed from the release.

If you would like to file an exception please see https://github.com/kubernetes/sig-release/blob/master/releases/EXCEPTIONS.md

/milestone clear /remove-label tracked/yes /label tracked/no

@everpeace do you plan to continue working on this KEP in 1.28?

@SergeyKanzhelev Yes, I will continue working on this KEP. As I wrote in https://github.com/kubernetes/enhancements/pull/3620#issuecomment-1500728236 , my cleanup PR in containerd took much time to merge than I expected.

Memo: Tasklist to alpha(v1.28)

• [ ] implement SupplementalGroupsPolicy in k/k (incl. updating cri-api)
• [ ] implement cri-api's SupplementalGroupsPolicy in containerd
• [ ] release containerd with cri-api's SupplementalGroupsPolicy support
• [ ] implement e2e for SupplementalGroupsPolicy
• [ ] add SupplementalGroupsPolicy to cri-test
• [ ] add SupplementalGroupsPolicy to k/website (https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)

/milestone v1.28

Is this still hoping to land alpha in 1.28?

/label lead-opted-in

Hello @everpeace 👋, 1.28 Enhancements team here!

Just checking in as we approach enhancements freeze on 18:00 PDT Thursday 9th February 2023.

This enhancement is targeting for stage alpha for 1.28 (correct me, if otherwise)

Here's where this enhancement currently stands:

• [ ] KEP readme using the latest template has been merged into the k/enhancements repo.
• [ ] KEP status is marked as implementable for latest-milestone: 1.28
• [x] KEP readme has a updated detailed test plan section filled out
• [x] KEP readme has up to date graduation criteria
• [x] KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following:

• Update latest milestone to 1.28
• Update alpha milestone to 1.28

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

For this KEP, we would just need to update the following:

• Update latest milestone to 1.28
• Update alpha milestone to 1.28

this is done, KEP should be ok to be tracked

With all the requirements fulfilled this enhancement is marked as tracked for the Enhancements freeze 🚀

Hello @everpeace 1.28 Docs Shadow here.

Does this enhancement work planned for 1.28 require any new docs or modification to existing docs?

If so, please follows the steps here to open a PR against dev-1.28 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday 20th July 2023.

Also, take a look at Documenting for a release to get yourself familiarize with the docs requirement for the release.

Thank you!

Hey again @everpeace :wave:

Just checking in as we approach Code freeze at 01:00 UTC Friday, 19th July 2023 .

Here’s the enhancement’s state for the upcoming code freeze:

• [ ] All the PRs that are related to your enhancement are linked in the above issue description (for tracking purposes). This includes code, tests, and documentation related PR/s.
• [ ] All code related PR/s are merged or are in merge-ready state ( i.e they have approved and lgtm labels applied) by the code freeze deadline. This includes any tests related PR/s too.

Also please let me know if there are other PRs in k/k we should be tracking for this KEP. As always, we are here to help if any questions come up. Thanks!

Hey @everpeace , could you please create a docs PR even if it is a draft PR with no content yet against dev-1.28 branch in the k/website repo. The deadline to create this draft PR is Thursday 20th July 2023.

Hey @everpeace, Docs Shadow here! could you please create a docs PR even if it is a draft PR with no content yet against dev-1.28 branch in the k/website repo. The deadline to create this draft PR is Thursday 20th July 2023.

Hello @everpeace 👋, 1.28 Enhancements Lead here.

Unfortunately, the implementation (code related) PR associated with this enhancement was not in the merge-ready state by the code-freeze and hence this enhancement is now being removed from the v1.28 milestone.

If you still wish to progress this enhancement in v1.28, please file an exception request. Thanks!

/milestone clear

@everpeace do you plan to keep working on this KEP for 1.29?