
ClusterTrustBundles (previously Trust Anchor Sets)

Open ahmedtd opened this issue 2 years ago • 79 comments

Enhancement Description

  • One-line enhancement description (can be used as a release note): Define ClusterTrustBundle, a resource for holding X.509 trust anchors

  • Kubernetes Enhancement Proposal: link

  • Discussion Link: Draft doc w/ comments SIG Auth Meeting

  • Primary contact (assignee): @ahmedtd

  • Responsible SIGs: sig-auth

  • Enhancement target (which target equals to which milestone):

    • Alpha release target (x.y): 1.27 (API), 1.28 (Kubelet)
    • Beta release target (x.y): 1.32
    • Stable release target (x.y): ??
  • [x] 1.27 - Alpha

    • [x] KEP (k/enhancements) update PR(s):
      • https://github.com/kubernetes/enhancements/pull/3258
      • https://github.com/kubernetes/enhancements/pull/3826
    • [x] Code (k/k) update PR(s):
      • https://github.com/kubernetes/kubernetes/pull/113218
    • [ ] Docs (k/website) update PR(s):
      • https://github.com/kubernetes/website/pull/40065
  • [x] 1.28 - Alpha

    • [ ] KEP (k/enhancements) update PR(s):
    • [x] Code (k/k) update PR(s):
      • https://github.com/kubernetes/kubernetes/pull/113374
    • [ ] Docs (k/website) update PR(s):
  • [ ] Beta

    • [x] KEP (k/enhancements) update PR(s):
      • https://github.com/kubernetes/enhancements/pull/4791
    • [ ] Code (k/k) update PR(s):
    • [ ] Docs (k/website) update(s):

Please keep this description up to date. This will help the Enhancement Team to track the evolution of the enhancement efficiently.

ahmedtd avatar Mar 30 '22 09:03 ahmedtd

/sig auth

ahmedtd avatar Mar 30 '22 09:03 ahmedtd

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jun 28 '22 10:06 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Jul 28 '22 11:07 k8s-triage-robot

/remove-lifecycle rotten

ritazh avatar Aug 22 '22 16:08 ritazh

Hello @ahmedtd 👋, 1.26 Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT on Thursday 6th October 2022.

This enhancement is targeting stage alpha for 1.26 (correct me if otherwise).

Here's where this enhancement currently stands:

  • [ ] KEP readme using the latest template has been merged into the k/enhancements repo.
  • [ ] KEP status is marked as implementable for latest-milestone: 1.26
  • [ ] KEP readme has an updated detailed test plan section filled out
  • [ ] KEP readme has up to date graduation criteria
  • [ ] KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following:

  • Merge https://github.com/kubernetes/enhancements/pull/3258

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

marosset avatar Sep 20 '22 23:09 marosset

I'm planning to address these issues today.

ahmedtd avatar Sep 21 '22 17:09 ahmedtd

@marosset #3258 has been approved by SIG Auth leads and PRR https://github.com/kubernetes/enhancements/pull/3258#issuecomment-1268854253 - we are just waiting on explicit /approve from PRR folks.

enj avatar Oct 07 '22 01:10 enj

@marosset and #3258 is merged :)

enj avatar Oct 07 '22 01:10 enj

With #3258 merged, I have this down as tracked for v1.26. Thanks!

rhockenbury avatar Oct 07 '22 01:10 rhockenbury

Hi @ahmedtd 👋,

Checking in once more as we approach 1.26 code freeze at 17:00 PDT on Tuesday 8th November 2022.

Please ensure the following items are completed:

  • [ ] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
  • [ ] All PRs are fully merged by the code freeze deadline.

For this enhancement, please link all relevant k/k PRs in the initial issue description for tracking.

As always, we are here to help should questions come up. Thanks!

marosset avatar Oct 31 '22 18:10 marosset

Hello @ahmedtd ! 👋🏾,

@katmutua 1.26 Release Docs shadow here. This enhancement is marked as ‘Needs Docs’ for 1.26 release.

Please follow the steps detailed in the documentation to open a PR against dev-1.26 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by November 9.

Also, take a look at Documenting for a release to familiarize yourself with the docs requirement for the release. As a reminder, please link all of your docs PR to this issue so we can easily track it.

katmutua avatar Nov 01 '22 14:11 katmutua

Hi @ahmedtd 👋,

Checking in once more as we approach 1.26 code freeze at 17:00 PDT on Tuesday 8th November 2022.

Please ensure the following items are completed:

  • [x] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
  • [ ] All PRs are fully merged by the code freeze deadline.

For this enhancement, it looks like the following PRs are open and need to be merged before code freeze:

  • https://github.com/kubernetes/kubernetes/pull/113218
  • https://github.com/kubernetes/kubernetes/pull/113374

As always, we are here to help should questions come up. Thanks!

marosset avatar Nov 07 '22 18:11 marosset

Hello 👋, 1.26 Enhancements Lead here.

Unfortunately, this enhancement did not meet requirements for code freeze. If you still wish to progress this enhancement in v1.26, please file an exception request. Thanks!

/milestone clear
/label tracked/no
/remove-label tracked/yes
/remove-label lead-opted-in

rhockenbury avatar Nov 09 '22 01:11 rhockenbury

@enj and I are doing API review for this one

liggitt avatar Jan 05 '23 23:01 liggitt

Hello @ahmedtd 👋, Enhancements team here.

Just checking in as we approach enhancements freeze on 18:00 PDT Thursday 9th February 2023.

This enhancement is targeting stage alpha for v1.27 (correct me if otherwise).

Here's where this enhancement currently stands:

  • [x] KEP readme using the latest template has been merged into the k/enhancements repo.
  • [ ] KEP status is marked as implementable for latest-milestone: v1.27
  • [x] KEP readme has an updated detailed test plan section filled out
  • [x] KEP readme has up to date graduation criteria
  • [x] KEP has a production readiness review that has been completed and merged into k/enhancements.

For this KEP, we would just need to update the following:

  • Please update the latest-milestone and alpha target in the kep.yaml

The status of this enhancement is marked as at risk. Please keep the issue description up-to-date with appropriate stages as well. Thank you!

marosset avatar Jan 31 '23 01:01 marosset

@ahmedtd @liggitt - can you please take a look at: https://github.com/kubernetes/enhancements/pull/3258#discussion_r1030221962 and ensure that either it is answered in the KEP or it will be added as a thing to resolve in Beta criteria?

wojtek-t avatar Feb 02 '23 14:02 wojtek-t

@marosset the last item mentioned in https://github.com/kubernetes/enhancements/issues/3257#issuecomment-1409600888 should be complete now, can you verify this is tracked for freeze?

liggitt avatar Feb 06 '23 14:02 liggitt

This enhancement meets all the requirements to be tracked for v1.27 Thanks everyone!

/label tracked/yes
/remove-label tracked/no

marosset avatar Feb 06 '23 20:02 marosset

Hi @ahmedtd 👋,

Checking in as we approach 1.27 code freeze at 17:00 PDT on Tuesday 14th March 2023.

Please ensure the following items are completed:

  • [x] All PRs to the Kubernetes repo that are related to your enhancement are linked in the above issue description (for tracking purposes).
  • [ ] All PRs are fully merged by the code freeze deadline.

For this enhancement, it looks like the following PRs are open and need to be merged before code freeze:

  • https://github.com/kubernetes/kubernetes/pull/113218
  • https://github.com/kubernetes/kubernetes/pull/113374

Please let me know if there are any other PRs in k/k I should be tracking for this KEP. As always, we are here to help should questions come up. Thanks!

marosset avatar Mar 08 '23 20:03 marosset

Hello @ahmedtd ! 👋🏾,

@katmutua 1.27 Release Docs shadow here. This enhancement is marked as ‘Needs Docs’ for 1.27 release.

Please follow the steps detailed in the documentation to open a PR against dev-1.27 branch in the k/website repo. This PR can be just a placeholder at this time, and must be created by March 16. For more information, please take a look at Documenting for a release to familiarize yourself with the documentation requirements for the release.

If you already have existing open PRs please link them to the description so we can easily track them. Thanks!

katmutua avatar Mar 09 '23 23:03 katmutua

Unfortunately the implementation PRs associated with this enhancement have not merged by code-freeze so this enhancement is getting removed from the release.

If you would like to file an exception please see https://github.com/kubernetes/sig-release/blob/master/releases/EXCEPTIONS.md

/milestone clear
/remove-label tracked/yes
/label tracked/no

marosset avatar Mar 15 '23 00:03 marosset

/milestone v1.27

salaxander avatar Mar 16 '23 17:03 salaxander

@ahmedtd you might like to change the issue description to strike through TrustAnchorSet and write ClusterTrustBundle in its place.

sftim avatar Mar 16 '23 17:03 sftim

Done --- updated the description as well.

ahmedtd avatar Mar 16 '23 17:03 ahmedtd

Docs for the Alpha API landed in 1.27: https://github.com/kubernetes/website/pull/40065

ahmedtd avatar Mar 16 '23 20:03 ahmedtd

Hey @ahmedtd - just a reminder that the exception request expires at 5pm pacific time today. https://github.com/kubernetes/kubernetes/pull/113374 will need to merge before that time.

Thanks!

salaxander avatar Mar 17 '23 15:03 salaxander

https://github.com/kubernetes/kubernetes/pull/113374 was moved to 1.28, only https://github.com/kubernetes/kubernetes/pull/113218 was part of the exception request for 1.27

liggitt avatar Mar 17 '23 15:03 liggitt

@salaxander only https://github.com/kubernetes/kubernetes/pull/113218 is targeting v1.27. https://github.com/kubernetes/kubernetes/pull/113374 will wait until v1.28 (while the PRs are for the same overall KEP, each PR has a different feature gate / functionality).

enj avatar Mar 17 '23 15:03 enj

> kubernetes/kubernetes#113374 was moved to 1.28, only kubernetes/kubernetes#113218 was part of the exception request for 1.27

Ah sounds good! I'll mark you as complete then. Thanks!!

salaxander avatar Mar 17 '23 15:03 salaxander

@ahmedtd Is the KEP updated to reflect the current state and implementation plan for v1.28?

aramase avatar Jun 12 '23 16:06 aramase