Identify Windows pods at API admission level authoritatively
Enhancement Description
Identifying Windows pods at the API admission level authoritatively is crucial to apply appropriate security constraints to the pod. We rely on kubelet to strip certain security constraints when the pod lands on the node. While this is a workable solution, identifying all the valid scenarios during kubelet admission time is hard and not scalable. Having the identification done during the API admission would also help the other admission controllers like PodSecurityAdmission to authoritatively apply security constraints.
- One-line enhancement description (can be used as a release note):
- Kubernetes Enhancement Proposal:
- Discussion Link:
- Primary contact (assignee): @ravisantoshgudimetla
- Responsible SIGs: Windows
- Enhancement target (which target equals to which milestone):
- Alpha release target (x.y): 1.23
- Beta release target (x.y): 1.24
- Stable release target (x.y): 1.25
- [x] Alpha
  - [x] KEP (k/enhancements) update PR(s):
    - [x] https://github.com/kubernetes/enhancements/pull/2803
  - [x] Code (k/k) update PR(s):
    - [x] https://github.com/kubernetes/kubernetes/pull/104693
    - [x] https://github.com/kubernetes/kubernetes/pull/104613
    - [x] https://github.com/kubernetes/kubernetes/pull/105292
  - [x] Docs (k/website) update PR(s): https://github.com/kubernetes/website/pull/30436
- [x] Beta
  - [x] KEP (k/enhancements) update PR(s):
    - [x] https://github.com/kubernetes/enhancements/pull/3102
  - [x] Code (k/k) update PR(s):
    - [x] https://github.com/kubernetes/kubernetes/pull/107859
  - [x] Testgrid:
    - [x] https://testgrid.k8s.io/sig-node-release-blocking#node-kubelet-serial-containerd
  - [x] Docs (k/website) update(s):
    - [x] https://github.com/kubernetes/website/pull/32481
- [ ] Stable
  - [x] KEP (k/enhancements) update PR(s):
    - [x] https://github.com/kubernetes/enhancements/pull/3303
  - [x] Code (k/k) update PR(s):
    - [x] https://github.com/kubernetes/kubernetes/pull/105919
  - [ ] Docs (k/website) update(s):
    - [ ] https://github.com/kubernetes/website/pull/35590
    - [ ] https://github.com/kubernetes/website/pull/35772
    - [ ] https://github.com/kubernetes/website/pull/35985
Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.
/sig windows
/milestone v1.23
Hi @ravisantoshgudimetla! 1.23 Enhancements team here. Just checking in as we approach enhancements freeze on Thursday 09/09. Here's where this enhancement currently stands:
- [ ] KEP file using the latest template has been merged into the k/enhancements repo.
- [ ] KEP status is marked as implementable
- [ ] KEP has a test plan section filled out.
- [ ] KEP has up to date graduation criteria.
- [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.
Starting with 1.23, we have implemented a soft freeze on production readiness reviews beginning on Thursday 09/02. If your enhancement needs a PRR, please make sure to try and complete it by that date!
Thanks!
Hi @ravisantoshgudimetla! 1.23 Enhancements shadow here.
Just following up as we are approaching the enhancements freeze on Thursday 09/09.
Here's where this enhancement currently stands:
- [x] KEP file using the latest template has been merged into the k/enhancements repo.
- [x] KEP status is marked as implementable
- [x] KEP has a test plan section filled out.
- [x] KEP has up to date graduation criteria.
- [x] KEP has a production readiness review that has been completed and merged into k/enhancements.
Looks like this issue is all set for the Enhancement Freeze. I will update the tracking sheet accordingly.
Thank you!
Hi @ravisantoshgudimetla :wave: 1.23 Docs shadow here.
This enhancement is marked as 'Needs Docs' for the 1.23 release.
Please follow the steps detailed in the documentation to open a PR against the dev-1.23 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thu November 18, 11:59 PM PDT.
Also, if needed take a look at Documenting for a release to familiarize yourself with the docs requirement for the release.
Thanks!
Do we have a list of recognised operating system names / intend to have a list like that?
If so, we should aim to document what that list of names consists of. These might be borrowed from elsewhere; that's OK, and we can document where to look.
Linking some implementation PRs https://github.com/kubernetes/kubernetes/pull/104693 https://github.com/kubernetes/kubernetes/pull/104613
Hi @ravisantoshgudimetla! 1.23 Enhancements shadow here. Just checking on the PRs status for this issue as we are approaching code freeze deadline on Tuesday, November 16 at 6:00 pm PST
I see that the two PRs are merged. Are there any open PRs that need to be linked to this issue?
Marking this as tracked in the tracking sheet. Please let me know if there are any updates.
@supriya-premkumar - All the needed PRs merged. Will open a docs PR shortly
Hi @ravisantoshgudimetla! 1.24 Enhancements team here. Just checking in as we approach enhancements freeze at 18:00pm PT on Thursday Feb 3rd. This enhancement is targeting beta for 1.24.
Here's where this enhancement currently stands:
- [x] Updated KEP file using the latest template has been merged into the k/enhancements repo.
- [x] KEP status is marked as implementable for latest-milestone: 1.24
- [x] KEP has a test plan section filled out.
- [x] KEP has up to date graduation criteria.
- [x] KEP has a production readiness review that has been completed and merged into k/enhancements.
The status of this enhancement is tracked. Everything is set for enhancements freeze. Thanks!
As a side note, would you be able to correct the kep number in the PRR file? - https://github.com/kubernetes/enhancements/blob/master/keps/prod-readiness/sig-windows/2802.yaml#L1. The KEP number is 2802.
I opened https://github.com/kubernetes/enhancements/pull/3202 for this
Hi @marosset, 1.24 Docs shadow here.
This enhancement is marked as Needs Docs for the 1.24 release.
Please follow the steps detailed in the documentation to open a PR against the dev-1.24 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before Thursday 31st March 2022, 18:00 PDT.
Also, if needed take a look at Documenting for a release to familiarize yourself with the docs requirement for the release.
Thanks!
Hi @ravisantoshgudimetla :wave: 1.24 Release Comms team here.
We have an opt-in process for the feature blog delivery. If you would like to publish a feature blog for this issue in this cycle, then please opt in on this tracking sheet.
The deadline for submissions and the feature blog freeze is scheduled for 01:00 UTC Wednesday 23rd March 2022 / 18:00 PDT Tuesday 22nd March 2022. Other important dates for delivery and review are listed here: https://github.com/kubernetes/sig-release/tree/master/releases/release-1.24#timeline.
For reference, here is the blog for 1.23.
Please feel free to reach out any time to me or on the #release-comms channel with questions or comments.
Thanks!
Hi @marosset
Checking in as we approach 1.24 code freeze at 01:00 UTC Wednesday 30th March 2022.
Please ensure the following items are completed:
- All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
- All PRs are fully merged by the code freeze deadline.
It looks like we're just waiting on this one? -> https://github.com/kubernetes/kubernetes/pull/107859
As always, we are here to help should questions come up.
Thanks!!
Yup we are only waiting on that PR which is reviewed but awaiting e2e validation in a PR job. Thanks!
/milestone v1.25
We are hoping to GA this enhancement in 1.25
Hello @ravisantoshgudimetla,
1.25 Enhancements team here. Just checking in as we approach enhancements freeze on 18:00 PST on Thursday June 16, 2022.
Here's where this enhancement currently stands:
- [ ] KEP file using the latest template has been merged into the k/enhancements repo.
- [X] KEP status is marked as implementable
- [ ] KEP has an updated detailed test plan section filled out
- [ ] KEP has up to date graduation criteria
- [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.
Looks like for this one, we need to merge #3303 which includes everything to meet all requirements for enhancements freeze.
For note, the status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!
Hi @rhockenbury, the KEP has an updated test plan. Can you take a look? I can ask folks from prod readiness to review it then.
@ravisantoshgudimetla Yes, it looks like all requirements for enhancement freeze will be met once #3303 is merged.
With #3303 merged, I have this marked as tracked for the v1.25 cycle.
Hi @ravisantoshgudimetla
Checking in once more as we approach 1.25 code freeze at 01:00 UTC on Wednesday, 3rd August 2022.
Please ensure the following items are completed:
- [X] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
- [ ] All PRs are fully merged by the code freeze deadline.
- https://github.com/kubernetes/kubernetes/pull/105919
Please verify if there are any additional k/k PRs besides the ones listed above.
Please plan to get the open k/k PRs merged by the code freeze deadline. The status of the enhancement is currently marked as at-risk.
Please also update the issue description with the relevant links for tracking purposes. Thank you so much!
We should document podOS outside of https://kubernetes.io/docs/concepts/windows/user-guide/
(Windows is one supported podOS, but it's not the only game in town)
When we add that documentation, consider updating the release note for https://github.com/kubernetes/kubernetes/pull/111229
Hi @ravisantoshgudimetla
1.25 Release Docs Shadow here. Does this enhancement work planned for 1.25 require any new docs or modification to existing docs? If so, please follow the steps here to open a PR against the dev-1.25 branch in the k/website repo. This PR can be just a placeholder at this time and must be created before August 4. Also, take a look at Documenting for a release to familiarize yourself with the docs requirement for the release. Thank you!
Hello @ravisantoshgudimetla
With the k/k code PRs now merged, the enhancement is ready for the 1.25 code freeze.
The status of this enhancement is currently marked as tracked
Thank you.
I recommend mentioning https://github.com/kubernetes/website/pull/35985 in the KEP issue description.
This is merged. Let's do a final KEP update then we close this issue.
/close
Thanks @ravisantoshgudimetla for all of your contributions here!
@marosset: Closing this issue.